hoping it's just malware [Closed]


  • This topic is locked

#1
kingjab

Computer is having major problems, so I'm hoping it's just malware. Games crash, some games cannot play, saying errors in a .dll file, lots of different things here and there. I read the tutorial and here are the logs.

OTL logfile created on: 4/21/2013 4:58:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\james\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 59.18% Memory free
6.49 Gb Paging File | 4.69 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 353.20 Gb Free Space | 75.83% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: james | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/21 16:58:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\james\Downloads\OTL.exe
PRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/29 12:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2013/03/29 12:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2013/03/14 22:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/03/14 19:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/03/14 19:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/19 04:01:34 | 001,116,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/02/19 04:01:04 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/16 13:51:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/04/16 13:50:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/04/16 13:50:01 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 01:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 01:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 01:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/29 12:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/03/26 17:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2013/03/25 15:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files\Steam\SDL2.dll
MOD - [2012/12/11 10:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 10:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 10:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll


========== Services (SafeList) ==========

SRV - [2013/04/20 19:40:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/29 12:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/14 22:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/28 21:17:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/14 22:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/01/22 23:22:33 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/12/18 22:41:53 | 000,154,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 02 24 6F 25 1B CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2B7F46BC-8B12-414C-8813-12F968FBB3E9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B7F46BC-8B12-414C-8813-12F968FBB3E9}: "URL" = http://search.condui...UM=2&SSPV=TB_T4
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/21 01:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla FireFox\extensions\[email protected] [2013/04/13 17:02:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/21 01:45:53 | 000,000,000 | ---D | M]

[2013/04/13 17:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/13 17:02:38 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: InfoAtoms = C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.1_0\
CHR - Extension: RealDownloader = C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: WhiteSmoke New = C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.523_0\

O1 HOSTS File: ([2013/04/20 01:06:14 | 000,000,841 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (GetSavin 5.0) - {6581DB66-F706-4717-B12C-CB49948F8286} - C:\Users\james\AppData\Local\getsavin\ie\getsavin_1365897601.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78A9CF23-9BAB-4296-8200-BAEC185AFF89}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{09972e44-64cd-11e2-9cca-50e549c52b77}\Shell - "" = AutoRun
O33 - MountPoints2\{09972e44-64cd-11e2-9cca-50e549c52b77}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 14:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013/04/21 14:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\world_of_tanks
[2013/04/21 14:11:47 | 000,000,000 | ---D | C] -- C:\Games
[2013/04/21 13:50:15 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\WoT_internet_install_na
[2013/04/20 15:32:30 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Malwarebytes
[2013/04/20 15:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/20 15:32:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/20 15:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/20 15:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/20 15:32:15 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Programs
[2013/04/20 14:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/04/20 14:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/04/20 01:04:06 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\RK_Quarantine
[2013/04/19 03:08:21 | 000,000,000 | -HSD | C] -- C:\found.002
[2013/04/18 02:47:20 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\VIDEO_TS
[2013/04/15 01:44:47 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Solid State Networks
[2013/04/15 01:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\MeteorEntertainment
[2013/04/15 01:44:43 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment
[2013/04/13 17:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security
[2013/04/13 17:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Marcos Velasco Security
[2013/04/13 17:02:46 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\CRE
[2013/04/13 17:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\InfoAtoms
[2013/04/13 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Systweak
[2013/04/13 16:59:04 | 000,018,360 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013/04/11 03:23:55 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/04/09 00:53:24 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Ubisoft
[2013/04/09 00:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2013/04/09 00:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/04/06 17:43:23 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
[2013/04/06 17:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner Statistics Server
[2013/04/06 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
[2013/04/06 12:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\EVGA Precision X
[2013/04/06 08:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/04/06 00:29:21 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\temp
[2013/04/05 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2013/04/05 20:05:19 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\ElevatedDiagnostics
[2013/04/05 16:58:14 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\Bioshock
[2013/04/05 16:58:14 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Bioshock
[2013/04/05 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameFly
[2013/04/05 12:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameFly
[2013/04/05 12:55:28 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\GameFly
[2013/04/05 12:55:28 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\GameFly
[2013/04/05 12:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\GameFly
[2013/04/04 10:45:44 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Curse Advertising
[2013/04/03 12:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/03/27 15:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/03/27 15:54:03 | 000,000,000 | ---D | C] -- C:\temp
[2013/03/26 22:45:56 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Chromium
[2013/03/26 22:45:42 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\Dungeons and Dragons Online
[2013/03/26 21:49:17 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Turbine
[2013/03/26 21:49:15 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\ApplicationHistory
[2013/03/26 21:48:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2013/03/26 00:36:19 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\runic games
[2013/03/25 12:44:04 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Skyrim
[2013/03/25 04:42:12 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\my games
[2013/03/23 12:52:12 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/21 16:57:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/21 16:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/21 14:24:12 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/04/21 13:57:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/20 16:21:55 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 16:21:55 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 16:18:57 | 000,668,836 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/20 16:18:57 | 000,125,022 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/20 16:14:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/20 16:14:35 | 2615,074,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/20 15:32:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/15 03:24:24 | 000,002,170 | ---- | M] () -- C:\Users\james\Desktop\Hawken.lnk
[2013/04/15 03:22:40 | 249,639,794 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/13 17:23:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/04/13 17:23:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/04/13 17:02:30 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/04/13 16:53:54 | 021,041,152 | ---- | M] () -- C:\Users\james\Desktop\crashes.evtx
[2013/04/10 03:39:08 | 000,293,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/09 00:47:18 | 000,002,442 | ---- | M] () -- C:\Users\Public\Desktop\Assassins Creed Directors Cut.lnk
[2013/04/07 18:35:21 | 000,007,598 | ---- | M] () -- C:\Users\james\AppData\Local\Resmon.ResmonCfg
[2013/04/06 12:46:53 | 000,001,050 | ---- | M] () -- C:\Users\james\Desktop\EVGA Precision X.lnk
[2013/04/06 08:07:32 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/05 22:47:39 | 000,252,888 | ---- | M] () -- C:\AnalysisLogApi.sr1
[2013/04/05 12:55:23 | 000,001,815 | ---- | M] () -- C:\Users\james\Desktop\GameFly.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/28 00:23:40 | 000,000,215 | ---- | M] () -- C:\Users\james\Desktop\The Elder Scrolls V Skyrim.url
[2013/03/26 21:49:21 | 000,000,093 | ---- | M] () -- C:\Users\james\AppData\Local\fusioncache.dat
[2013/03/23 12:52:12 | 000,000,318 | ---- | M] () -- C:\Users\james\Desktop\Curse Client.appref-ms
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/21 14:24:12 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/04/20 16:20:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/20 15:32:28 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/15 03:24:24 | 000,002,170 | ---- | C] () -- C:\Users\james\Desktop\Hawken.lnk
[2013/04/13 17:23:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/04/13 17:23:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/04/13 17:02:30 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/04/13 16:53:48 | 021,041,152 | ---- | C] () -- C:\Users\james\Desktop\crashes.evtx
[2013/04/09 00:47:18 | 000,002,442 | ---- | C] () -- C:\Users\Public\Desktop\Assassins Creed Directors Cut.lnk
[2013/04/07 18:35:21 | 000,007,598 | ---- | C] () -- C:\Users\james\AppData\Local\Resmon.ResmonCfg
[2013/04/06 12:35:02 | 000,001,050 | ---- | C] () -- C:\Users\james\Desktop\EVGA Precision X.lnk
[2013/04/05 22:47:23 | 000,252,888 | ---- | C] () -- C:\AnalysisLogApi.sr1
[2013/04/05 12:55:23 | 000,001,815 | ---- | C] () -- C:\Users\james\Desktop\GameFly.lnk
[2013/04/03 12:28:17 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013/03/28 00:23:40 | 000,000,215 | ---- | C] () -- C:\Users\james\Desktop\The Elder Scrolls V Skyrim.url
[2013/03/27 15:53:18 | 000,013,625 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/03/26 21:49:21 | 000,000,093 | ---- | C] () -- C:\Users\james\AppData\Local\fusioncache.dat
[2013/03/23 12:52:12 | 000,000,318 | ---- | C] () -- C:\Users\james\Desktop\Curse Client.appref-ms
[2013/02/19 15:39:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\d3dx10_43.dll
[2013/01/03 18:28:57 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/12/28 20:44:31 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/09/28 12:45:16 | 000,246,272 | ---- | C] () -- C:\Windows\System32\rtvcvfw64.dll
[2012/09/28 12:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/18 01:57:43 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\.minecraft
[2013/02/27 13:37:29 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\AVG
[2013/02/23 19:26:43 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\AVG2013
[2013/04/07 18:18:58 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Bioshock
[2013/04/04 10:46:22 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Curse Advertising
[2013/01/22 23:23:55 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\DAEMON Tools Lite
[2013/04/05 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\GameFly
[2013/01/14 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\OfficeSuiteX
[2013/03/26 00:36:19 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\runic games
[2013/04/21 15:03:27 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Systweak
[2013/02/23 19:23:45 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\TuneUp Software
[2013/04/09 00:53:24 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Ubisoft
[2013/02/21 01:51:19 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Wargaming.net

========== Purity Check ==========



< End of report >

#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kingjab

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
kingjab

    New Member

  • Topic Starter
  • Member
  • 7 posts
sorry for late reply i just got off work but for first one security check
Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 22
Java 7 Update 17
Adobe Flash Player 11.7.700.169
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````

for adwcleaner

# AdwCleaner v2.202 - Logfile created 04/23/2013 at 02:25:31
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : james - JAMES-PC
# Boot Mode : Normal
# Running from : C:\Users\james\Downloads\adwcleaner (2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Deleted : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [385 octets] - [20/04/2013 01:00:13]
AdwCleaner[S2].txt - [6683 octets] - [20/04/2013 01:00:36]
AdwCleaner[S3].txt - [1204 octets] - [23/04/2013 02:25:31]

########## EOF - C:\AdwCleaner[S3].txt - [1264 octets] ##########


and for roguekiller

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : james [Admin rights]
Mode : Scan -- Date : 04/23/2013 02:33:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] e64002f7357194e461308541311ef57d
[BSP] 1067070e70277dbf6c8df0c70e58ef09 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_04232013_02d0233.txt >>
RKreport[1]_S_04202013_02d0105.txt ; RKreport[2]_S_04232013_02d0233.txt


let me know if you need anything else

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kingjab

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
kingjab

    New Member

  • Topic Starter
  • Member
  • 7 posts
ComboFix 13-04-23.02 - james 04/23/2013 13:21:11.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3325.1740 [GMT -7:00]
Running from: c:\users\james\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 )))))))))))))))))))))))))))))))
.
.
2013-04-23 20:24 . 2013-04-23 20:25 -------- d-----w- c:\users\james\AppData\Local\temp
2013-04-23 20:24 . 2013-04-23 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 12:05 . 2013-04-23 12:05 -------- d-----w- c:\windows\system32\wbem\Framework
2013-04-23 10:30 . 2013-04-23 10:30 -------- d-----w- c:\program files\Artemis DEMO
2013-04-21 21:22 . 2013-04-22 19:40 -------- d-----w- c:\program files\world_of_tanks
2013-04-21 21:11 . 2013-04-21 21:19 -------- d-----w- C:\Games
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\users\james\AppData\Roaming\Malwarebytes
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\programdata\Malwarebytes
2013-04-20 22:32 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\users\james\AppData\Local\Programs
2013-04-20 21:52 . 2013-04-20 21:52 -------- d-----w- c:\program files\Speccy
2013-04-19 10:08 . 2013-04-19 10:08 -------- d-----w- C:\found.002
2013-04-15 08:44 . 2013-04-15 08:44 -------- d-----w- c:\users\james\AppData\Local\Solid State Networks
2013-04-15 08:44 . 2013-04-15 08:44 -------- d-----w- c:\program files\MeteorEntertainment
2013-04-14 00:03 . 2013-04-14 00:03 -------- d-----w- c:\program files\Marcos Velasco Security
2013-04-14 00:02 . 2013-04-14 00:02 -------- d-----w- c:\users\james\AppData\Local\CRE
2013-04-14 00:02 . 2013-04-14 00:02 -------- d-----w- c:\program files\InfoAtoms
2013-04-13 23:59 . 2013-04-21 22:03 -------- d-----w- c:\users\james\AppData\Roaming\Systweak
2013-04-11 10:23 . 2013-04-11 10:23 -------- d-----w- C:\found.001
2013-04-10 09:52 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 09:52 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 09:52 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 09:52 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 09:52 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 09:52 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 09:52 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 07:53 . 2013-04-09 07:53 -------- d-----w- c:\users\james\AppData\Roaming\Ubisoft
2013-04-09 07:53 . 2013-04-09 07:53 -------- d-----w- c:\programdata\Ubisoft
2013-04-07 00:43 . 2013-04-08 01:18 -------- d-----w- c:\program files\RivaTuner Statistics Server
2013-04-06 19:34 . 2013-04-21 04:43 -------- d-----w- c:\program files\EVGA Precision X
2013-04-06 03:05 . 2013-04-06 03:05 -------- d-----w- c:\users\james\AppData\Local\ElevatedDiagnostics
2013-04-05 23:58 . 2013-04-08 01:18 -------- d-----w- c:\users\james\AppData\Roaming\Bioshock
2013-04-05 19:55 . 2013-04-05 19:55 -------- d-----w- c:\users\james\AppData\Roaming\GameFly
2013-04-05 19:55 . 2013-04-05 19:55 -------- d-----w- c:\program files\GameFly
2013-04-04 17:45 . 2013-04-04 17:46 -------- d-----w- c:\users\james\AppData\Roaming\Curse Advertising
2013-04-03 19:29 . 2013-04-22 08:52 -------- d-----w- c:\users\UpdatusUser
2013-04-03 19:28 . 2013-03-15 02:59 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-03 19:28 . 2013-03-15 02:59 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-04-03 19:28 . 2013-03-15 02:59 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-03 19:28 . 2013-03-15 02:59 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-04-03 19:28 . 2013-03-15 02:59 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-03 19:28 . 2013-03-13 07:07 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-04-03 19:28 . 2013-04-03 19:28 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-03 19:20 . 2012-12-19 05:41 28600 ----a-w- c:\windows\system32\nvhdap32.dll
2013-04-03 19:20 . 2012-12-19 05:41 154040 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-04-03 19:20 . 2012-12-18 08:31 892856 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-04-03 19:20 . 2013-03-15 05:46 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-04-03 19:20 . 2013-03-15 05:46 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-04-03 19:06 . 2013-04-03 19:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 22:54 . 2013-04-21 22:02 -------- d-----w- C:\temp
2013-03-27 05:45 . 2013-03-27 05:45 -------- d-----w- c:\users\james\AppData\Local\Chromium
2013-03-27 04:49 . 2013-03-27 05:36 -------- d-----w- c:\users\james\AppData\Local\Turbine
2013-03-27 04:49 . 2013-03-27 05:42 -------- d-----w- c:\users\james\AppData\Local\ApplicationHistory
2013-03-26 07:36 . 2013-03-26 07:36 -------- d-----w- c:\users\james\AppData\Roaming\runic games
2013-03-25 19:44 . 2013-03-25 19:44 -------- d-----w- c:\users\james\AppData\Local\Skyrim
2013-03-25 19:43 . 2008-10-15 13:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-03-25 19:43 . 2008-10-15 13:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-03-25 19:43 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-21 02:40 . 2013-01-18 08:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-21 02:40 . 2013-01-18 08:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-03 19:05 . 2012-12-29 03:55 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-03 19:05 . 2012-12-29 03:55 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-21 08:45 . 2013-03-21 08:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-21 08:45 . 2013-03-21 08:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-03-15 05:07 . 2013-03-15 05:07 559904 ----a-w- c:\windows\system32\nvStreaming.exe
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2013-02-14 10:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 04:48 . 2013-03-13 07:47 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 07:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-16 10:35 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 11:37 . 2013-02-08 11:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2013-02-08 11:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-08 00:45 . 2013-02-22 08:32 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E074E917-45BE-4058-A154-80F9C8BC6CB5}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\Steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^james^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2013-03-14 00:15 4394032 ----a-w- c:\program files\AVG\AVG2013\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-03-29 19:53 1631144 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-03-21 08:45 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\james\AppData\Local\Temp\tmpCBAA.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 09:57 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 02:40]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-29 03:47]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-29 03:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6581DB66-F706-4717-B12C-CB49948F8286} - c:\users\james\AppData\Local\getsavin\ie\getsavin_1365897601.dll
MSConfigStartUp-SearchProtect - c:\users\james\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSConfigStartUp-SearchProtectAll - c:\program files\SearchProtect\bin\cltmng.exe
AddRemove-GetSavin - c:\users\james\AppData\Local\getsavin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\james\AppData\Local\Temp\tmpCBAA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-23 13:25:51
ComboFix-quarantined-files.txt 2013-04-23 20:25
.
Pre-Run: 377,827,196,928 bytes free
Post-Run: 379,219,828,736 bytes free
.
- - End Of File - - EBB252C55410ADF05A372EFA44DC8824

it didn't restart my computer at all. My computer still crashes games but there aren't any errors when it happens anymore

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kingjab


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo

#7
kingjab

    New Member

  • Topic Starter
  • Member
  • 7 posts
21:46:02.0808 3328 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:46:03.0588 3328 ============================================================
21:46:03.0588 3328 Current date / time: 2013/04/23 21:46:03.0588
21:46:03.0588 3328 SystemInfo:
21:46:03.0588 3328
21:46:03.0588 3328 OS Version: 6.1.7601 ServicePack: 1.0
21:46:03.0588 3328 Product type: Workstation
21:46:03.0588 3328 ComputerName: JAMES-PC
21:46:03.0588 3328 UserName: james
21:46:03.0588 3328 Windows directory: C:\Windows
21:46:03.0588 3328 System windows directory: C:\Windows
21:46:03.0588 3328 Processor architecture: Intel x86
21:46:03.0588 3328 Number of processors: 4
21:46:03.0588 3328 Page size: 0x1000
21:46:03.0588 3328 Boot type: Normal boot
21:46:03.0588 3328 ============================================================
21:46:09.0038 3328 BG loaded
21:46:09.0678 3328 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:46:09.0698 3328 ============================================================
21:46:09.0698 3328 \Device\Harddisk0\DR0:
21:46:09.0718 3328 MBR partitions:
21:46:09.0718 3328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
21:46:09.0718 3328 ============================================================
21:46:09.0758 3328 C: <-> \Device\Harddisk0\DR0\Partition1
21:46:09.0758 3328 ============================================================
21:46:09.0758 3328 Initialize success
21:46:09.0758 3328 ============================================================
21:48:13.0094 5516 ============================================================
21:48:13.0094 5516 Scan started
21:48:13.0094 5516 Mode: Manual;
21:48:13.0094 5516 ============================================================
21:48:14.0376 5516 ================ Scan system memory ========================
21:48:14.0376 5516 System memory - ok
21:48:14.0376 5516 ================ Scan services =============================
21:48:14.0564 5516 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:48:14.0566 5516 1394ohci - ok
21:48:14.0629 5516 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:48:14.0630 5516 ACPI - ok
21:48:14.0669 5516 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:48:14.0673 5516 AcpiPmi - ok
21:48:14.0767 5516 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:48:14.0768 5516 AdobeFlashPlayerUpdateSvc - ok
21:48:14.0797 5516 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:48:14.0802 5516 adp94xx - ok
21:48:14.0818 5516 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:48:14.0821 5516 adpahci - ok
21:48:14.0851 5516 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:48:14.0864 5516 adpu320 - ok
21:48:14.0908 5516 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:48:14.0909 5516 AeLookupSvc - ok
21:48:15.0045 5516 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:48:15.0047 5516 AFD - ok
21:48:15.0061 5516 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:48:15.0069 5516 agp440 - ok
21:48:15.0099 5516 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:48:15.0112 5516 aic78xx - ok
21:48:15.0181 5516 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:48:15.0182 5516 ALG - ok
21:48:15.0201 5516 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:48:15.0202 5516 aliide - ok
21:48:15.0212 5516 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:48:15.0213 5516 amdagp - ok
21:48:15.0216 5516 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:48:15.0217 5516 amdide - ok
21:48:15.0233 5516 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:48:15.0236 5516 AmdK8 - ok
21:48:15.0249 5516 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:48:15.0249 5516 AmdPPM - ok
21:48:15.0284 5516 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:48:15.0285 5516 amdsata - ok
21:48:15.0305 5516 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:48:15.0307 5516 amdsbs - ok
21:48:15.0317 5516 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:48:15.0317 5516 amdxata - ok
21:48:15.0340 5516 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:48:15.0346 5516 AppID - ok
21:48:15.0380 5516 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:48:15.0380 5516 AppIDSvc - ok
21:48:15.0384 5516 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:48:15.0384 5516 Appinfo - ok
21:48:15.0412 5516 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:48:15.0413 5516 AppMgmt - ok
21:48:15.0427 5516 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
21:48:15.0441 5516 arc - ok
21:48:15.0458 5516 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:48:15.0465 5516 arcsas - ok
21:48:15.0807 5516 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:48:15.0835 5516 aspnet_state - ok
21:48:15.0853 5516 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:48:15.0854 5516 AsyncMac - ok
21:48:15.0858 5516 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:48:15.0859 5516 atapi - ok
21:48:15.0883 5516 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:48:15.0886 5516 AudioEndpointBuilder - ok
21:48:15.0891 5516 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:48:15.0893 5516 Audiosrv - ok
21:48:16.0021 5516 [ 0D8244A9DB70BC6C36E2FB56F6039AB6 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
21:48:16.0041 5516 AVGIDSAgent - ok
21:48:16.0080 5516 [ 1A2213B7D94944861449CB07BF2D099E ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
21:48:16.0082 5516 AVGIDSDriver - ok
21:48:16.0107 5516 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
21:48:16.0108 5516 AVGIDSHX - ok
21:48:16.0130 5516 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
21:48:16.0131 5516 AVGIDSShim - ok
21:48:16.0160 5516 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
21:48:16.0162 5516 Avgldx86 - ok
21:48:16.0205 5516 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
21:48:16.0206 5516 Avglogx - ok
21:48:16.0242 5516 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
21:48:16.0243 5516 Avgmfx86 - ok
21:48:16.0249 5516 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
21:48:16.0249 5516 Avgrkx86 - ok
21:48:16.0256 5516 [ 52448A41CF1769CB3627677A0509627B ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
21:48:16.0257 5516 Avgtdix - ok
21:48:16.0274 5516 [ DC98337F0D2A9F6C0B6FB682297ECE3B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
21:48:16.0276 5516 avgwd - ok
21:48:16.0293 5516 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:48:16.0294 5516 AxInstSV - ok
21:48:16.0312 5516 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
21:48:16.0316 5516 b06bdrv - ok
21:48:16.0333 5516 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:48:16.0336 5516 b57nd60x - ok
21:48:16.0349 5516 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:48:16.0350 5516 BDESVC - ok
21:48:16.0362 5516 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:48:16.0363 5516 Beep - ok
21:48:16.0394 5516 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:48:16.0396 5516 BFE - ok
21:48:16.0420 5516 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
21:48:16.0423 5516 BITS - ok
21:48:16.0432 5516 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:48:16.0432 5516 blbdrive - ok
21:48:16.0460 5516 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:48:16.0460 5516 bowser - ok
21:48:16.0466 5516 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:48:16.0467 5516 BrFiltLo - ok
21:48:16.0474 5516 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:48:16.0475 5516 BrFiltUp - ok
21:48:16.0500 5516 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:48:16.0502 5516 BridgeMP - ok
21:48:16.0522 5516 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:48:16.0523 5516 Browser - ok
21:48:16.0646 5516 [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
21:48:16.0658 5516 BrowserProtect - ok
21:48:16.0678 5516 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:48:16.0681 5516 Brserid - ok
21:48:16.0685 5516 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:48:16.0686 5516 BrSerWdm - ok
21:48:16.0688 5516 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:48:16.0689 5516 BrUsbMdm - ok
21:48:16.0692 5516 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:48:16.0693 5516 BrUsbSer - ok
21:48:16.0699 5516 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:48:16.0700 5516 BTHMODEM - ok
21:48:16.0705 5516 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:48:16.0705 5516 bthserv - ok
21:48:16.0753 5516 catchme - ok
21:48:16.0773 5516 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:48:16.0774 5516 cdfs - ok
21:48:16.0793 5516 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:48:16.0794 5516 cdrom - ok
21:48:16.0797 5516 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:48:16.0798 5516 CertPropSvc - ok
21:48:16.0814 5516 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
21:48:16.0815 5516 circlass - ok
21:48:16.0824 5516 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:48:16.0825 5516 CLFS - ok
21:48:16.0871 5516 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:48:16.0873 5516 clr_optimization_v2.0.50727_32 - ok
21:48:16.0916 5516 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:48:16.0993 5516 clr_optimization_v4.0.30319_32 - ok
21:48:16.0996 5516 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:48:16.0999 5516 CmBatt - ok
21:48:17.0002 5516 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:48:17.0003 5516 cmdide - ok
21:48:17.0024 5516 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
21:48:17.0026 5516 CNG - ok
21:48:17.0029 5516 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:48:17.0030 5516 Compbatt - ok
21:48:17.0041 5516 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:48:17.0042 5516 CompositeBus - ok
21:48:17.0044 5516 COMSysApp - ok
21:48:17.0048 5516 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:48:17.0049 5516 crcdisk - ok
21:48:17.0084 5516 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:48:17.0085 5516 CryptSvc - ok
21:48:17.0105 5516 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:48:17.0107 5516 CSC - ok
21:48:17.0162 5516 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:48:17.0164 5516 CscService - ok
21:48:17.0188 5516 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:48:17.0191 5516 DcomLaunch - ok
21:48:17.0200 5516 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:48:17.0201 5516 defragsvc - ok
21:48:17.0206 5516 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:48:17.0207 5516 DfsC - ok
21:48:17.0228 5516 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:48:17.0229 5516 Dhcp - ok
21:48:17.0241 5516 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:48:17.0242 5516 discache - ok
21:48:17.0263 5516 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
21:48:17.0264 5516 Disk - ok
21:48:17.0278 5516 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:48:17.0279 5516 dmvsc - ok
21:48:17.0295 5516 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:48:17.0296 5516 Dnscache - ok
21:48:17.0308 5516 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:48:17.0309 5516 dot3svc - ok
21:48:17.0316 5516 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:48:17.0317 5516 DPS - ok
21:48:17.0347 5516 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:48:17.0348 5516 drmkaud - ok
21:48:17.0383 5516 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:48:17.0384 5516 dtsoftbus01 - ok
21:48:17.0413 5516 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:48:17.0417 5516 DXGKrnl - ok
21:48:17.0422 5516 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:48:17.0424 5516 EapHost - ok
21:48:17.0487 5516 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
21:48:17.0531 5516 ebdrv - ok
21:48:17.0548 5516 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:48:17.0550 5516 EFS - ok
21:48:17.0626 5516 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:48:17.0629 5516 ehRecvr - ok
21:48:17.0639 5516 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:48:17.0639 5516 ehSched - ok
21:48:17.0695 5516 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:48:17.0699 5516 elxstor - ok
21:48:17.0710 5516 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:48:17.0711 5516 ErrDev - ok
21:48:17.0725 5516 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:48:17.0726 5516 EventSystem - ok
21:48:17.0732 5516 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:48:17.0734 5516 exfat - ok
21:48:17.0742 5516 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:48:17.0744 5516 fastfat - ok
21:48:17.0771 5516 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:48:17.0774 5516 Fax - ok
21:48:17.0782 5516 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
21:48:17.0783 5516 fdc - ok
21:48:17.0790 5516 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:48:17.0791 5516 fdPHost - ok
21:48:17.0798 5516 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:48:17.0799 5516 FDResPub - ok
21:48:17.0809 5516 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:48:17.0810 5516 FileInfo - ok
21:48:17.0821 5516 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:48:17.0822 5516 Filetrace - ok
21:48:17.0824 5516 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:48:17.0825 5516 flpydisk - ok
21:48:17.0846 5516 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:48:17.0847 5516 FltMgr - ok
21:48:17.0888 5516 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
21:48:17.0892 5516 FontCache - ok
21:48:17.0926 5516 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:48:17.0927 5516 FontCache3.0.0.0 - ok
21:48:17.0934 5516 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:48:17.0935 5516 FsDepends - ok
21:48:17.0955 5516 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:48:17.0955 5516 Fs_Rec - ok
21:48:17.0980 5516 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:48:17.0981 5516 fvevol - ok
21:48:17.0992 5516 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:48:17.0993 5516 gagp30kx - ok
21:48:18.0012 5516 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:48:18.0015 5516 gpsvc - ok
21:48:18.0058 5516 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:48:18.0058 5516 gupdate - ok
21:48:18.0061 5516 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:48:18.0062 5516 gupdatem - ok
21:48:18.0064 5516 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:48:18.0065 5516 hcw85cir - ok
21:48:18.0086 5516 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:48:18.0088 5516 HdAudAddService - ok
21:48:18.0095 5516 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:48:18.0096 5516 HDAudBus - ok
21:48:18.0098 5516 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:48:18.0099 5516 HidBatt - ok
21:48:18.0104 5516 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:48:18.0106 5516 HidBth - ok
21:48:18.0123 5516 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:48:18.0124 5516 HidIr - ok
21:48:18.0136 5516 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
21:48:18.0137 5516 hidserv - ok
21:48:18.0168 5516 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:48:18.0169 5516 HidUsb - ok
21:48:18.0189 5516 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:48:18.0191 5516 hkmsvc - ok
21:48:18.0202 5516 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:48:18.0204 5516 HomeGroupListener - ok
21:48:18.0218 5516 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:48:18.0220 5516 HomeGroupProvider - ok
21:48:18.0226 5516 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:48:18.0228 5516 HpSAMD - ok
21:48:18.0245 5516 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:48:18.0247 5516 HTTP - ok
21:48:18.0257 5516 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:48:18.0258 5516 hwpolicy - ok
21:48:18.0268 5516 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:48:18.0269 5516 i8042prt - ok
21:48:18.0278 5516 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:48:18.0282 5516 iaStorV - ok
21:48:18.0318 5516 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:48:18.0327 5516 idsvc - ok
21:48:18.0347 5516 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:48:18.0348 5516 iirsp - ok
21:48:18.0374 5516 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:48:18.0378 5516 IKEEXT - ok
21:48:18.0387 5516 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:48:18.0388 5516 intelide - ok
21:48:18.0405 5516 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
21:48:18.0406 5516 intelppm - ok
21:48:18.0418 5516 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:48:18.0419 5516 IPBusEnum - ok
21:48:18.0430 5516 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:48:18.0431 5516 IpFilterDriver - ok
21:48:18.0455 5516 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:48:18.0457 5516 iphlpsvc - ok
21:48:18.0470 5516 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:48:18.0471 5516 IPMIDRV - ok
21:48:18.0477 5516 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:48:18.0479 5516 IPNAT - ok
21:48:18.0503 5516 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:48:18.0503 5516 IRENUM - ok
21:48:18.0514 5516 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:48:18.0515 5516 isapnp - ok
21:48:18.0531 5516 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:48:18.0534 5516 iScsiPrt - ok
21:48:18.0555 5516 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:48:18.0556 5516 kbdclass - ok
21:48:18.0571 5516 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:48:18.0571 5516 kbdhid - ok
21:48:18.0582 5516 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:48:18.0583 5516 KeyIso - ok
21:48:18.0618 5516 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:48:18.0619 5516 KSecDD - ok
21:48:18.0631 5516 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:48:18.0632 5516 KSecPkg - ok
21:48:18.0667 5516 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:48:18.0800 5516 KtmRm - ok
21:48:18.0826 5516 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
21:48:18.0829 5516 LanmanServer - ok
21:48:18.0853 5516 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:48:18.0855 5516 LanmanWorkstation - ok
21:48:18.0874 5516 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:48:18.0875 5516 lltdio - ok
21:48:18.0898 5516 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:48:18.0907 5516 lltdsvc - ok
21:48:18.0922 5516 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:48:18.0923 5516 lmhosts - ok
21:48:18.0932 5516 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:48:18.0934 5516 LSI_FC - ok
21:48:18.0945 5516 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:48:18.0946 5516 LSI_SAS - ok
21:48:18.0956 5516 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:48:18.0957 5516 LSI_SAS2 - ok
21:48:18.0960 5516 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:48:18.0962 5516 LSI_SCSI - ok
21:48:18.0968 5516 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:48:18.0968 5516 luafv - ok
21:48:19.0013 5516 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:48:19.0014 5516 MBAMProtector - ok
21:48:19.0081 5516 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:48:19.0083 5516 MBAMScheduler - ok
21:48:19.0123 5516 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:48:19.0126 5516 MBAMService - ok
21:48:19.0141 5516 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:48:19.0143 5516 Mcx2Svc - ok
21:48:19.0156 5516 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
21:48:19.0157 5516 megasas - ok
21:48:19.0166 5516 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:48:19.0169 5516 MegaSR - ok
21:48:19.0186 5516 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:48:19.0187 5516 MMCSS - ok
21:48:19.0190 5516 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:48:19.0191 5516 Modem - ok
21:48:19.0197 5516 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:48:19.0198 5516 monitor - ok
21:48:19.0202 5516 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:48:19.0203 5516 mouclass - ok
21:48:19.0209 5516 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:48:19.0210 5516 mouhid - ok
21:48:19.0217 5516 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:48:19.0218 5516 mountmgr - ok
21:48:19.0232 5516 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:48:19.0234 5516 mpio - ok
21:48:19.0257 5516 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:48:19.0257 5516 mpsdrv - ok
21:48:19.0270 5516 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:48:19.0273 5516 MpsSvc - ok
21:48:19.0283 5516 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:48:19.0285 5516 MRxDAV - ok
21:48:19.0309 5516 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:48:19.0310 5516 mrxsmb - ok
21:48:19.0318 5516 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:48:19.0319 5516 mrxsmb10 - ok
21:48:19.0330 5516 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:48:19.0331 5516 mrxsmb20 - ok
21:48:19.0334 5516 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:48:19.0335 5516 msahci - ok
21:48:19.0341 5516 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:48:19.0343 5516 msdsm - ok
21:48:19.0358 5516 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:48:19.0369 5516 MSDTC - ok
21:48:19.0385 5516 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:48:19.0386 5516 Msfs - ok
21:48:19.0392 5516 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:48:19.0392 5516 mshidkmdf - ok
21:48:19.0401 5516 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:48:19.0402 5516 msisadrv - ok
21:48:19.0415 5516 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:48:19.0423 5516 MSiSCSI - ok
21:48:19.0426 5516 msiserver - ok
21:48:19.0454 5516 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:48:19.0455 5516 MSKSSRV - ok
21:48:19.0464 5516 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:48:19.0464 5516 MSPCLOCK - ok
21:48:19.0470 5516 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:48:19.0470 5516 MSPQM - ok
21:48:19.0479 5516 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:48:19.0480 5516 MsRPC - ok
21:48:19.0484 5516 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:48:19.0485 5516 mssmbios - ok
21:48:19.0494 5516 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:48:19.0495 5516 MSTEE - ok
21:48:19.0497 5516 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:48:19.0498 5516 MTConfig - ok
21:48:19.0507 5516 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:48:19.0508 5516 Mup - ok
21:48:19.0530 5516 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:48:19.0533 5516 napagent - ok
21:48:19.0563 5516 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:48:19.0564 5516 NativeWifiP - ok
21:48:19.0600 5516 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:48:19.0603 5516 NDIS - ok
21:48:19.0616 5516 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:48:19.0617 5516 NdisCap - ok
21:48:19.0644 5516 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:48:19.0646 5516 NdisTapi - ok
21:48:19.0656 5516 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:48:19.0657 5516 Ndisuio - ok
21:48:19.0668 5516 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:48:19.0669 5516 NdisWan - ok
21:48:19.0679 5516 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:48:19.0680 5516 NDProxy - ok
21:48:19.0686 5516 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:48:19.0686 5516 NetBIOS - ok
21:48:19.0697 5516 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:48:19.0698 5516 NetBT - ok
21:48:19.0707 5516 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:48:19.0708 5516 Netlogon - ok
21:48:19.0752 5516 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:48:19.0754 5516 Netman - ok
21:48:19.0780 5516 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:48:19.0796 5516 NetMsmqActivator - ok
21:48:19.0812 5516 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:48:19.0813 5516 NetPipeActivator - ok
21:48:19.0827 5516 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:48:19.0830 5516 netprofm - ok
21:48:19.0833 5516 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:48:19.0834 5516 NetTcpActivator - ok
21:48:19.0837 5516 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:48:19.0837 5516 NetTcpPortSharing - ok
21:48:19.0851 5516 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:48:19.0852 5516 nfrd960 - ok
21:48:19.0873 5516 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:48:19.0875 5516 NlaSvc - ok
21:48:19.0878 5516 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:48:24.0224 5516 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] C:\Windows\System32\drivers\serenum.sys
21:48:24.0224 5516 C:\Windows\System32\drivers\serenum.sys - ok
21:48:24.0227 5516 [ 57EC4AEF73660166074D8F7F31C0D4FD ] C:\Windows\System32\drivers\agilevpn.sys
21:48:24.0227 5516 C:\Windows\System32\drivers\agilevpn.sys - ok
21:48:24.0230 5516 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] C:\Windows\System32\drivers\CompositeBus.sys
21:48:24.0230 5516 C:\Windows\System32\drivers\CompositeBus.sys - ok
21:48:24.0232 5516 [ ADEF52CA1AEAE82B50DF86B56413107E ] C:\Windows\System32\drivers\kbdclass.sys
21:48:24.0232 5516 C:\Windows\System32\drivers\kbdclass.sys - ok
21:48:24.0235 5516 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] C:\Windows\System32\drivers\ndistapi.sys
21:48:24.0235 5516 C:\Windows\System32\drivers\ndistapi.sys - ok
21:48:24.0238 5516 [ D9F91EAFEC2815365CBE6D167E4E332A ] C:\Windows\System32\drivers\rasl2tp.sys
21:48:24.0238 5516 C:\Windows\System32\drivers\rasl2tp.sys - ok
21:48:24.0241 5516 [ 38FBE267E7E6983311179230FACB1017 ] C:\Windows\System32\drivers\ndiswan.sys
21:48:24.0241 5516 C:\Windows\System32\drivers\ndiswan.sys - ok
21:48:24.0243 5516 [ 0FE8B15916307A6AC12BFB6A63E45507 ] C:\Windows\System32\drivers\raspppoe.sys
21:48:24.0243 5516 C:\Windows\System32\drivers\raspppoe.sys - ok
21:48:24.0246 5516 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] C:\Windows\System32\drivers\raspptp.sys
21:48:24.0246 5516 C:\Windows\System32\drivers\raspptp.sys - ok
21:48:24.0249 5516 [ 44101F495A83EA6401D886E7FD70096B ] C:\Windows\System32\drivers\rassstp.sys
21:48:24.0249 5516 C:\Windows\System32\drivers\rassstp.sys - ok
21:48:24.0252 5516 [ 5DCEF0C32BE0F33277326586FA503689 ] C:\Windows\System32\drivers\ks.sys
21:48:24.0252 5516 C:\Windows\System32\drivers\ks.sys - ok
21:48:24.0254 5516 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] C:\Windows\System32\drivers\mouclass.sys
21:48:24.0254 5516 C:\Windows\System32\drivers\mouclass.sys - ok
21:48:24.0257 5516 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] C:\Windows\System32\drivers\rdpbus.sys
21:48:24.0257 5516 C:\Windows\System32\drivers\rdpbus.sys - ok
21:48:24.0260 5516 [ E58C78A848ADD9610A4DB6D214AF5224 ] C:\Windows\System32\drivers\swenum.sys
21:48:24.0260 5516 C:\Windows\System32\drivers\swenum.sys - ok
21:48:24.0262 5516 [ D295BED4B898F0FD999FCFA9B32B071B ] C:\Windows\System32\drivers\umbus.sys
21:48:24.0262 5516 C:\Windows\System32\drivers\umbus.sys - ok
21:48:24.0265 5516 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] C:\Windows\System32\drivers\usbhub.sys
21:48:24.0265 5516 C:\Windows\System32\drivers\usbhub.sys - ok
21:48:24.0268 5516 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] C:\Windows\System32\drivers\ndproxy.sys
21:48:24.0268 5516 C:\Windows\System32\drivers\ndproxy.sys - ok
21:48:24.0270 5516 [ 27F9288AF019E6DACA281EDE51FF5928 ] C:\Windows\System32\drivers\drmk.sys
21:48:24.0270 5516 C:\Windows\System32\drivers\drmk.sys - ok
21:48:24.0273 5516 [ A5EF29D5315111C80A5C1ABAD14C8972 ] C:\Windows\System32\drivers\HdAudio.sys
21:48:24.0273 5516 C:\Windows\System32\drivers\HdAudio.sys - ok
21:48:24.0275 5516 [ A103F2A100B091809A120A1463BC9EB5 ] C:\Windows\System32\drivers\nvhda32v.sys
21:48:24.0276 5516 C:\Windows\System32\drivers\nvhda32v.sys - ok
21:48:24.0278 5516 [ D72708C9F49500C13D7D067E169B7715 ] C:\Windows\System32\drivers\portcls.sys
21:48:24.0278 5516 C:\Windows\System32\drivers\portcls.sys - ok
21:48:24.0281 5516 [ F88A52EB62019D6A62FDD9E08034DBD8 ] C:\Windows\System32\autochk.exe
21:48:24.0281 5516 C:\Windows\System32\autochk.exe - ok
21:48:24.0284 5516 [ B9CB6D4E5A30968330F6E32ACB945641 ] C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
21:48:24.0284 5516 C:\PROGRA~1\AVG\AVG2013\avgrsx.exe - ok
21:48:24.0286 5516 [ 3B3D5E94A5F24417BE2C179DDD883702 ] C:\Program Files\AVG\AVG2013\avgsysx.dll
21:48:24.0286 5516 C:\Program Files\AVG\AVG2013\avgsysx.dll - ok
21:48:24.0289 5516 [ 21139ED432EFB4A8CDF715862DBDF9E0 ] C:\Program Files\AVG\AVG2013\avglogx.dll
21:48:24.0289 5516 C:\Program Files\AVG\AVG2013\avglogx.dll - ok
21:48:24.0292 5516 [ AE4D9DC676A2517DEE3E51978BCFE47C ] C:\Program Files\AVG\AVG2013\avgntopensslx.dll
21:48:24.0292 5516 C:\Program Files\AVG\AVG2013\avgntopensslx.dll - ok
21:48:24.0294 5516 [ BD9C55D7023C5DE374507ACC7A14E2AC ] C:\Windows\System32\drivers\usbccgp.sys
21:48:24.0294 5516 C:\Windows\System32\drivers\usbccgp.sys - ok
21:48:24.0297 5516 [ 5787196F32D043572EC6565C0EF1B8E0 ] C:\Windows\System32\drivers\usbd.sys
21:48:24.0297 5516 C:\Windows\System32\drivers\usbd.sys - ok
21:48:24.0300 5516 [ 6C26122F1931D4D7810240F32DDCE890 ] C:\Windows\System32\drivers\hidparse.sys
21:48:24.0300 5516 C:\Windows\System32\drivers\hidparse.sys - ok
21:48:24.0302 5516 [ 931A1DF1520ABC6E84BA4A75E6957025 ] C:\Windows\System32\drivers\hidclass.sys
21:48:24.0302 5516 C:\Windows\System32\drivers\hidclass.sys - ok
21:48:24.0305 5516 [ 10C19F8290891AF023EAEC0832E1EB4D ] C:\Windows\System32\drivers\hidusb.sys
21:48:24.0305 5516 C:\Windows\System32\drivers\hidusb.sys - ok
21:48:24.0307 5516 [ 9E3CED91863E6EE98C24794D05E27A71 ] C:\Windows\System32\drivers\kbdhid.sys
21:48:24.0307 5516 C:\Windows\System32\drivers\kbdhid.sys - ok
21:48:24.0310 5516 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] C:\Windows\System32\drivers\mouhid.sys
21:48:24.0310 5516 C:\Windows\System32\drivers\mouhid.sys - ok
21:48:24.0313 5516 [ 172BE63FE4CCB653446687BFB97E61C9 ] C:\PROGRA~1\AVG\AVG2013\avgchjwx.dll
21:48:24.0313 5516 C:\PROGRA~1\AVG\AVG2013\avgchjwx.dll - ok
21:48:24.0316 5516 [ 6D2EDE5CC51FF35004BD07E9EF3E1996 ] C:\PROGRA~1\AVG\AVG2013\avgcclix.dll
21:48:24.0316 5516 C:\PROGRA~1\AVG\AVG2013\avgcclix.dll - ok
21:48:24.0318 5516 [ 414F57444511B818DB23FA5CF89F3205 ] C:\PROGRA~1\AVG\AVG2013\avgclitx.dll
21:48:24.0318 5516 C:\PROGRA~1\AVG\AVG2013\avgclitx.dll - ok
21:48:24.0321 5516 [ 53B18D940D7155C49D507F076AF43554 ] C:\Program Files\AVG\AVG2013\avgcsrvx.exe
21:48:24.0321 5516 C:\Program Files\AVG\AVG2013\avgcsrvx.exe - ok
21:48:24.0323 5516 [ C9F44E08EF18BE1139386095360B0E39 ] C:\Program Files\AVG\AVG2013\avgcorex.dll
21:48:24.0323 5516 C:\Program Files\AVG\AVG2013\avgcorex.dll - ok
21:48:24.0326 5516 [ 32DFEEF66057184481ECC3C6116CE895 ] C:\Program Files\AVG\AVG2013\avgcertx.dll
21:48:24.0326 5516 C:\Program Files\AVG\AVG2013\avgcertx.dll - ok
21:48:24.0329 5516 [ 2E967B05E5D1EF57632819BDC54F19B1 ] C:\Program Files\AVG\AVG2013\avgchclx.dll
21:48:24.0329 5516 C:\Program Files\AVG\AVG2013\avgchclx.dll - ok
21:48:24.0331 5516 [ 40E12972BB73C2927E19553E30EAEE3C ] C:\Program Files\AVG\AVG2013\avgcommx.dll
21:48:24.0331 5516 C:\Program Files\AVG\AVG2013\avgcommx.dll - ok
21:48:24.0334 5516 [ 099D9F937F6EE23672391B3A5BD6D7E5 ] C:\Program Files\AVG\AVG2013\avgntsqlitex.dll
21:48:24.0334 5516 C:\Program Files\AVG\AVG2013\avgntsqlitex.dll - ok
21:48:24.0337 5516 [ 9BDDA34DC4890169DE5BA21134B33EFB ] C:\Windows\System32\iertutil.dll
21:48:24.0337 5516 C:\Windows\System32\iertutil.dll - ok
21:48:24.0339 5516 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\System32\imagehlp.dll
21:48:24.0339 5516 C:\Windows\System32\imagehlp.dll - ok
21:48:24.0342 5516 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\System32\ole32.dll
21:48:24.0342 5516 C:\Windows\System32\ole32.dll - ok
21:48:24.0343 5516 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\System32\oleaut32.dll
21:48:24.0343 5516 C:\Windows\System32\oleaut32.dll - ok
21:48:24.0346 5516 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\System32\advapi32.dll
21:48:24.0346 5516 C:\Windows\System32\advapi32.dll - ok
21:48:24.0349 5516 [ 070C5B9D3006602A07757179D9B56F5D ] C:\Windows\System32\difxapi.dll
21:48:24.0349 5516 C:\Windows\System32\difxapi.dll - ok
21:48:24.0351 5516 [ 4E7F83E1F6AEFA38E270EA7353D6911E ] C:\Windows\System32\urlmon.dll
21:48:24.0351 5516 C:\Windows\System32\urlmon.dll - ok
21:48:24.0354 5516 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\System32\Wldap32.dll
21:48:24.0354 5516 C:\Windows\System32\Wldap32.dll - ok
21:48:24.0356 5516 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\System32\ws2_32.dll
21:48:24.0356 5516 C:\Windows\System32\ws2_32.dll - ok
21:48:24.0359 5516 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\System32\shell32.dll
21:48:24.0359 5516 C:\Windows\System32\shell32.dll - ok
21:48:24.0362 5516 [ FF5688D309347F2720911D8796912834 ] C:\Windows\System32\clbcatq.dll
21:48:24.0362 5516 C:\Windows\System32\clbcatq.dll - ok
21:48:24.0364 5516 [ E87F5393F7D8CE2FACC4DFF703531392 ] C:\Windows\System32\gdi32.dll
21:48:24.0364 5516 C:\Windows\System32\gdi32.dll - ok
21:48:24.0367 5516 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\System32\msvcrt.dll
21:48:24.0367 5516 C:\Windows\System32\msvcrt.dll - ok
21:48:24.0369 5516 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\System32\normaliz.dll
21:48:24.0369 5516 C:\Windows\System32\normaliz.dll - ok
21:48:24.0372 5516 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\System32\sechost.dll
21:48:24.0372 5516 C:\Windows\System32\sechost.dll - ok
21:48:24.0374 5516 [ C5B6468422DB1C8AA36C32CBB0197E5E ] C:\Windows\System32\wininet.dll
21:48:24.0374 5516 C:\Windows\System32\wininet.dll - ok
21:48:24.0377 5516 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\System32\comdlg32.dll
21:48:24.0377 5516 C:\Windows\System32\comdlg32.dll - ok
21:48:24.0380 5516 [ 4A8E2F20809CC161107FAA94F6CF2685 ] C:\Windows\System32\imm32.dll
21:48:24.0380 5516 C:\Windows\System32\imm32.dll - ok
21:48:24.0382 5516 [ 4F154D2C9C6DF951FD6E5AABBAE6B5EE ] C:\Windows\System32\lpk.dll
21:48:24.0382 5516 C:\Windows\System32\lpk.dll - ok
21:48:24.0385 5516 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\System32\psapi.dll
21:48:24.0385 5516 C:\Windows\System32\psapi.dll - ok
21:48:24.0387 5516 [ 6400774E903729ADD0A62A24A334EE56 ] C:\Windows\System32\rpcrt4.dll
21:48:24.0387 5516 C:\Windows\System32\rpcrt4.dll - ok
21:48:24.0390 5516 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\System32\setupapi.dll
21:48:24.0390 5516 C:\Windows\System32\setupapi.dll - ok
21:48:24.0392 5516 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\System32\shlwapi.dll
21:48:24.0392 5516 C:\Windows\System32\shlwapi.dll - ok
21:48:24.0395 5516 [ F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 ] C:\Windows\System32\user32.dll
21:48:24.0395 5516 C:\Windows\System32\user32.dll - ok
21:48:24.0397 5516 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\System32\crypt32.dll
21:48:24.0397 5516 C:\Windows\System32\crypt32.dll - ok
21:48:24.0400 5516 [ CC4ED8BEA78B0DCA6F217E014C3291A7 ] C:\Windows\System32\devobj.dll
21:48:24.0400 5516 C:\Windows\System32\devobj.dll - ok
21:48:24.0403 5516 [ AE09B85158C66E2C154C5C9B3C0027B3 ] C:\Windows\System32\kernel32.dll
21:48:24.0403 5516 C:\Windows\System32\kernel32.dll - ok
21:48:24.0405 5516 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\System32\msctf.dll
21:48:24.0405 5516 C:\Windows\System32\msctf.dll - ok
21:48:24.0408 5516 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\System32\nsi.dll
21:48:24.0408 5516 C:\Windows\System32\nsi.dll - ok
21:48:24.0410 5516 [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\System32\usp10.dll
21:48:24.0410 5516 C:\Windows\System32\usp10.dll - ok
21:48:24.0413 5516 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\System32\wintrust.dll
21:48:24.0413 5516 C:\Windows\System32\wintrust.dll - ok
21:48:24.0416 5516 [ 3FFAEA12666E565FF51BF2FCA674F543 ] C:\Windows\System32\cfgmgr32.dll
21:48:24.0416 5516 C:\Windows\System32\cfgmgr32.dll - ok
21:48:24.0418 5516 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\System32\comctl32.dll
21:48:24.0418 5516 C:\Windows\System32\comctl32.dll - ok
21:48:24.0421 5516 [ AD88D390C9417C959E08F8BF6F2B8154 ] C:\Windows\System32\KernelBase.dll
21:48:24.0421 5516 C:\Windows\System32\KernelBase.dll - ok
21:48:24.0423 5516 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\System32\msasn1.dll
21:48:24.0423 5516 C:\Windows\System32\msasn1.dll - ok
21:48:24.0426 5516 [ 5FCD3320AAE71506B43F9E12E4E72172 ] C:\Windows\System32\drivers\dxapi.sys
21:48:24.0426 5516 C:\Windows\System32\drivers\dxapi.sys - ok
21:48:24.0428 5516 [ 6FCC2090F055F5C96236DCD057DD705D ] C:\Windows\System32\win32k.sys
21:48:24.0428 5516 C:\Windows\System32\win32k.sys - ok
21:48:24.0431 5516 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\System32\basesrv.dll
21:48:24.0431 5516 C:\Windows\System32\basesrv.dll - ok
21:48:24.0434 5516 [ 23AB7E36551C6BA5370EF7F05142F0EB ] C:\Windows\System32\csrsrv.dll
21:48:24.0434 5516 C:\Windows\System32\csrsrv.dll - ok
21:48:24.0436 5516 [ 342271F6142E7C70805B8A81E1BA5F5C ] C:\Windows\System32\csrss.exe
21:48:24.0436 5516 C:\Windows\System32\csrss.exe - ok
21:48:24.0439 5516 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\System32\winsrv.dll
21:48:24.0439 5516 C:\Windows\System32\winsrv.dll - ok
21:48:24.0441 5516 [ 79D10964DE86B292320E9DFE02282A23 ] C:\Windows\System32\drivers\monitor.sys
21:48:24.0441 5516 C:\Windows\System32\drivers\monitor.sys - ok
21:48:24.0444 5516 [ 7C76B61A5E1EF5D1FA554CF134100F18 ] C:\Windows\System32\tsddd.dll
21:48:24.0444 5516 C:\Windows\System32\tsddd.dll - ok
21:48:24.0446 5516 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\System32\profapi.dll
21:48:24.0446 5516 C:\Windows\System32\profapi.dll - ok
21:48:24.0449 5516 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\System32\sxssrv.dll
21:48:24.0449 5516 C:\Windows\System32\sxssrv.dll - ok
21:48:24.0452 5516 [ B5C5DCAD3899512020D135600129D665 ] C:\Windows\System32\wininit.exe
21:48:24.0452 5516 C:\Windows\System32\wininit.exe - ok
21:48:24.0454 5516 [ CAEF9CD6C10B1017E2C298D849CD31DB ] C:\Windows\System32\cdd.dll
21:48:24.0454 5516 C:\Windows\System32\cdd.dll - ok
21:48:24.0457 5516 [ 6A9AE9E58036D951F54F6803D1732AC3 ] C:\PROGRA~2\BROWSE~1\261249~1.132\{C16C1~1\BROWSE~1.DLL
21:48:24.0457 5516 C:\PROGRA~2\BROWSE~1\261249~1.132\{C16C1~1\BROWSE~1.DLL - ok
21:48:24.0459 5516 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\System32\sxs.dll
21:48:24.0459 5516 C:\Windows\System32\sxs.dll - ok
21:48:24.0462 5516 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\System32\version.dll
21:48:24.0462 5516 C:\Windows\System32\version.dll - ok
21:48:24.0464 5516 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\System32\winhttp.dll
21:48:24.0465 5516 C:\Windows\System32\winhttp.dll - ok
21:48:24.0467 5516 [ 357B990A4249D7F7485B230C0CC8825A ] C:\Windows\System32\KBDUS.DLL
21:48:24.0467 5516 C:\Windows\System32\KBDUS.DLL - ok
21:48:24.0470 5516 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\System32\RpcRtRemote.dll
21:48:24.0470 5516 C:\Windows\System32\RpcRtRemote.dll - ok
21:48:24.0472 5516 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\System32\webio.dll
21:48:24.0472 5516 C:\Windows\System32\webio.dll - ok
21:48:24.0475 5516 [ 633C2C060CF857099F6C4F8D75C952B1 ] C:\Windows\System32\WlS0WndH.dll
21:48:24.0475 5516 C:\Windows\System32\WlS0WndH.dll - ok
21:48:24.0477 5516 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\System32\cryptbase.dll
21:48:24.0477 5516 C:\Windows\System32\cryptbase.dll - ok
21:48:24.0480 5516 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\System32\apphelp.dll
21:48:24.0480 5516 C:\Windows\System32\apphelp.dll - ok
21:48:24.0483 5516 [ 444430C44727B5F22B4DC17284798EBD ] C:\Windows\System32\lsasrv.dll
21:48:24.0483 5516 C:\Windows\System32\lsasrv.dll - ok
21:48:24.0485 5516 [ 81951F51E318AECC2D68559E47485CC4 ] C:\Windows\System32\lsass.exe
21:48:24.0485 5516 C:\Windows\System32\lsass.exe - ok
21:48:24.0488 5516 [ 8AEA9A37C1A3565A204D37C5E72AB791 ] C:\Windows\System32\lsm.exe
21:48:24.0488 5516 C:\Windows\System32\lsm.exe - ok
21:48:24.0490 5516 [ 3369D021265E369D57317D61FA86DD79 ] C:\Windows\System32\scext.dll
21:48:24.0490 5516 C:\Windows\System32\scext.dll - ok
21:48:24.0493 5516 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\System32\services.exe
21:48:24.0493 5516 C:\Windows\System32\services.exe - ok
21:48:24.0495 5516 [ 4A054C853031616D161A84BECF281F47 ] C:\Windows\System32\sspicli.dll
21:48:24.0495 5516 C:\Windows\System32\sspicli.dll - ok
21:48:24.0498 5516 [ E361AE3010EA4B3123DAB5BDAE21798F ] C:\Windows\System32\sspisrv.dll
21:48:24.0498 5516 C:\Windows\System32\sspisrv.dll - ok
21:48:24.0501 5516 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] C:\Windows\System32\aelupsvc.dll
21:48:24.0501 5516 C:\Windows\System32\aelupsvc.dll - ok
21:48:24.0503 5516 [ 50BA656134F78AF64E4DD3C8B6FEFD7E ] C:\Windows\System32\cngaudit.dll
21:48:24.0503 5516 C:\Windows\System32\cngaudit.dll - ok
21:48:24.0506 5516 [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\System32\cryptdll.dll
21:48:24.0506 5516 C:\Windows\System32\cryptdll.dll - ok
21:48:24.0508 5516 [ 245F4691314F42D4D1BC06442F0B2086 ] C:\Windows\System32\samsrv.dll
21:48:24.0508 5516 C:\Windows\System32\samsrv.dll - ok
21:48:24.0511 5516 [ 250AA41DE690561AF1282D598914564C ] C:\Windows\System32\scesrv.dll
21:48:24.0511 5516 C:\Windows\System32\scesrv.dll - ok
21:48:24.0513 5516 [ 69678722290C78D5D7198C60B5A4E3E8 ] C:\Windows\System32\secur32.dll
21:48:24.0513 5516 C:\Windows\System32\secur32.dll - ok
21:48:24.0516 5516 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\System32\srvcli.dll
21:48:24.0516 5516 C:\Windows\System32\srvcli.dll - ok
21:48:24.0519 5516 [ BA51FFE170C5B3AE8EC4F5BD2581A29E ] C:\Windows\System32\sysntfy.dll
21:48:24.0519 5516 C:\Windows\System32\sysntfy.dll - ok
21:48:24.0521 5516 [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\System32\wevtapi.dll
21:48:24.0521 5516 C:\Windows\System32\wevtapi.dll - ok
21:48:24.0524 5516 [ D412B1B72C5AB020218E9A047D90CA05 ] C:\Windows\System32\wmsgapi.dll
21:48:24.0524 5516 C:\Windows\System32\wmsgapi.dll - ok
21:48:24.0526 5516 [ 18A54E132947CD98FEA9ACCC57F98F13 ] C:\Windows\System32\alg.exe
21:48:24.0526 5516 C:\Windows\System32\alg.exe - ok
21:48:24.0529 5516 [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\System32\authz.dll
21:48:24.0529 5516 C:\Windows\System32\authz.dll - ok
21:48:24.0531 5516 [ FC7650224790CAE75A5E9231961FDEC5 ] C:\Windows\System32\bcrypt.dll
21:48:24.0531 5516 C:\Windows\System32\bcrypt.dll - ok
21:48:24.0534 5516 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\System32\ncrypt.dll
21:48:24.0534 5516 C:\Windows\System32\ncrypt.dll - ok
21:48:24.0536 5516 [ 6D13E1406F50C66E2A95D97F22C47560 ] C:\Windows\System32\winlogon.exe
21:48:24.0536 5516 C:\Windows\System32\winlogon.exe - ok
21:48:24.0539 5516 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\System32\winsta.dll
21:48:24.0539 5516 C:\Windows\System32\winsta.dll - ok
21:48:24.0541 5516 [ 62A9C86CB6085E20DB4823E4E97826F5 ] C:\Windows\System32\appidsvc.dll
21:48:24.0541 5516 C:\Windows\System32\appidsvc.dll - ok
21:48:24.0544 5516 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\System32\cryptsp.dll
21:48:24.0544 5516 C:\Windows\System32\cryptsp.dll - ok
21:48:24.0547 5516 [ BDA0B954A30498B5A7EDC6204CBA07ED ] C:\Windows\System32\kerberos.dll
21:48:24.0547 5516 C:\Windows\System32\kerberos.dll - ok
21:48:24.0550 5516 [ C90878913DF3DC504790282043DB5F4C ] C:\Windows\System32\msprivs.dll
21:48:24.0550 5516 C:\Windows\System32\msprivs.dll - ok
21:48:24.0552 5516 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\System32\mswsock.dll
21:48:24.0552 5516 C:\Windows\System32\mswsock.dll - ok
21:48:24.0555 5516 [ 6DCFAEC6D1334AA6CDF8961DB4633CBF ] C:\Windows\System32\negoexts.dll
21:48:24.0555 5516 C:\Windows\System32\negoexts.dll - ok
21:48:24.0557 5516 [ E343CABBD8D600ABAF3F11625D33B3D0 ] C:\Windows\System32\netjoin.dll
21:48:24.0557 5516 C:\Windows\System32\netjoin.dll - ok
21:48:24.0560 5516 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\System32\dnsapi.dll
21:48:24.0560 5516 C:\Windows\System32\dnsapi.dll - ok
21:48:24.0562 5516 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\System32\logoncli.dll
21:48:24.0562 5516 C:\Windows\System32\logoncli.dll - ok
21:48:24.0565 5516 [ 4C1E16B9A53102C8D6FBA587CBCB95DE ] C:\Windows\System32\msv1_0.dll
21:48:24.0565 5516 C:\Windows\System32\msv1_0.dll - ok
21:48:24.0568 5516 [ C1809B9907ADEDAF16F50C894100883B ] C:\Windows\System32\netlogon.dll
21:48:24.0568 5516 C:\Windows\System32\netlogon.dll - ok
21:48:24.0570 5516 [ AF78F66116814FDD6677CEBD73035CDD ] C:\Windows\System32\schannel.dll
21:48:24.0570 5516 C:\Windows\System32\schannel.dll - ok
21:48:24.0573 5516 [ 0450CF487ECD8A67B56F59F9A96D024D ] C:\Windows\System32\wdigest.dll
21:48:24.0573 5516 C:\Windows\System32\wdigest.dll - ok
21:48:24.0575 5516 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\System32\wship6.dll
21:48:24.0575 5516 C:\Windows\System32\wship6.dll - ok
21:48:24.0578 5516 [ FB1959012294D6AD43E5304DF65E3C26 ] C:\Windows\System32\appinfo.dll
21:48:24.0578 5516 C:\Windows\System32\appinfo.dll - ok
21:48:24.0580 5516 [ A45D184DF6A8803DA13A0B329517A64A ] C:\Windows\System32\appmgmts.dll
21:48:24.0580 5516 C:\Windows\System32\appmgmts.dll - ok
21:48:24.0583 5516 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\System32\bcryptprimitives.dll
21:48:24.0583 5516 C:\Windows\System32\bcryptprimitives.dll - ok
21:48:24.0586 5516 [ 91F434FF6606ED9BDC6A05D651B69553 ] C:\Windows\System32\efslsaext.dll
21:48:24.0586 5516 C:\Windows\System32\efslsaext.dll - ok
21:48:24.0588 5516 [ 37CC990D4E2CDFAE12AC47F6B620FC13 ] C:\Windows\System32\pku2u.dll
21:48:24.0588 5516 C:\Windows\System32\pku2u.dll - ok
21:48:24.0591 5516 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\System32\rsaenh.dll
21:48:24.0591 5516 C:\Windows\System32\rsaenh.dll - ok
21:48:24.0592 5516 [ D29E45078CF4020CE0AAC82EC652D1EA ] C:\Windows\System32\TSpkg.dll
21:48:24.0592 5516 C:\Windows\System32\TSpkg.dll - ok
21:48:24.0595 5516 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] C:\Windows\System32\audiosrv.dll
21:48:24.0595 5516 C:\Windows\System32\audiosrv.dll - ok
21:48:24.0598 5516 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\System32\credssp.dll
21:48:24.0598 5516 C:\Windows\System32\credssp.dll - ok
21:48:24.0600 5516 [ 761A3A4038C1FD4F5795427907C28484 ] C:\Windows\System32\rascfg.dll
21:48:24.0600 5516 C:\Windows\System32\rascfg.dll - ok
21:48:24.0603 5516 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] C:\Windows\System32\AxInstSv.dll
21:48:24.0603 5516 C:\Windows\System32\AxInstSv.dll - ok
21:48:24.0605 5516 [ 8124944EC89D6A1815E4E53F5B96AAF4 ] C:\Windows\System32\scecli.dll
21:48:24.0605 5516 C:\Windows\System32\scecli.dll - ok
21:48:24.0608 5516 [ EE1E9C3BB8228AE423DD38DB69128E71 ] C:\Windows\System32\bdesvc.dll
21:48:24.0608 5516 C:\Windows\System32\bdesvc.dll - ok
21:48:24.0610 5516 [ 1E2BAC209D184BB851E1A187D8A29136 ] C:\Windows\System32\BFE.DLL
21:48:24.0610 5516 C:\Windows\System32\BFE.DLL - ok
21:48:24.0613 5516 [ E585445D5021971FAE10393F0F1C3961 ] C:\Windows\System32\qmgr.dll
21:48:24.0613 5516 C:\Windows\System32\qmgr.dll - ok
21:48:24.0615 5516 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] C:\Windows\System32\browser.dll
21:48:24.0616 5516 C:\Windows\System32\browser.dll - ok
21:48:24.0618 5516 [ 1180159EE45AD1B110F6E482F244899E ] C:\Windows\System32\bridgeres.dll
21:48:24.0618 5516 C:\Windows\System32\bridgeres.dll - ok
21:48:24.0621 5516 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] C:\Windows\System32\bthserv.dll
21:48:24.0621 5516 C:\Windows\System32\bthserv.dll - ok
21:48:24.0623 5516 [ 319C6B309773D063541D01DF8AC6F55F ] C:\Windows\System32\certprop.dll
21:48:24.0623 5516 C:\Windows\System32\certprop.dll - ok
21:48:24.0626 5516 [ 635181E0E9BBF16871BF5380D71DB02D ] C:\Windows\System32\clfs.sys
21:48:24.0626 5516 C:\Windows\System32\clfs.sys - ok
21:48:24.0628 5516 [ 808D8A8B2A3074002852BC856D419576 ] C:\Windows\System32\comres.dll
21:48:24.0628 5516 C:\Windows\System32\comres.dll - ok
21:48:24.0631 5516 [ 96C0E38905CFD788313BE8E11DAE3F2F ] C:\Windows\System32\cryptsvc.dll
21:48:24.0631 5516 C:\Windows\System32\cryptsvc.dll - ok
21:48:24.0634 5516 [ 15F93B37F6801943360D9EB42485D5D3 ] C:\Windows\System32\cscsvc.dll
21:48:24.0634 5516 C:\Windows\System32\cscsvc.dll - ok
21:48:24.0636 5516 [ 370E6FB6F6FF1B3DAC7F1182AC493BB6 ] C:\Windows\System32\oleres.dll
21:48:24.0636 5516 C:\Windows\System32\oleres.dll - ok
21:48:24.0639 5516 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] C:\Windows\System32\defragsvc.dll
21:48:24.0639 5516 C:\Windows\System32\defragsvc.dll - ok
21:48:24.0641 5516 [ E9E01EB683C132F7FA27CD607B8A2B63 ] C:\Windows\System32\dhcpcore.dll
21:48:24.0641 5516 C:\Windows\System32\dhcpcore.dll - ok
21:48:24.0644 5516 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] C:\Windows\System32\dot3svc.dll
21:48:24.0644 5516 C:\Windows\System32\dot3svc.dll - ok
21:48:24.0647 5516 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] C:\Windows\System32\dps.dll
21:48:24.0647 5516 C:\Windows\System32\dps.dll - ok
21:48:24.0649 5516 [ 8600142FA91C1B96367D3300AD0F3F3A ] C:\Windows\System32\eapsvc.dll
21:48:24.0649 5516 C:\Windows\System32\eapsvc.dll - ok
21:48:24.0652 5516 [ A8C362018EFC87BEB013EE28F29C0863 ] C:\Windows\ehome\ehrecvr.exe
21:48:24.0652 5516 C:\Windows\ehome\ehrecvr.exe - ok
21:48:24.0654 5516 [ 00A99DA54C14969A899ED316D16E9A9E ] C:\Windows\System32\efssvc.dll
21:48:24.0654 5516 C:\Windows\System32\efssvc.dll - ok
21:48:24.0657 5516 [ D389BFF34F80CAEDE417BF9D1507996A ] C:\Windows\ehome\ehsched.exe
21:48:24.0657 5516 C:\Windows\ehome\ehsched.exe - ok
21:48:24.0659 5516 [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\System32\FXSRESM.dll
21:48:24.0659 5516 C:\Windows\System32\FXSRESM.dll - ok
21:48:24.0662 5516 [ 241E015DD809CFB23242F890B1FC575B ] C:\Windows\System32\wevtsvc.dll
21:48:24.0662 5516 C:\Windows\System32\wevtsvc.dll - ok
21:48:24.0665 5516 [ F3222C893BD2F5821A0179E5C71E88FB ] C:\Windows\System32\fdPHost.dll
21:48:24.0665 5516 C:\Windows\System32\fdPHost.dll - ok
21:48:24.0667 5516 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] C:\Windows\System32\FDResPub.dll
21:48:24.0667 5516 C:\Windows\System32\FDResPub.dll - ok
21:48:24.0670 5516 [ 6CF00369C97F3CF563BE99BE983D13D8 ] C:\Windows\System32\drivers\fileinfo.sys
21:48:24.0670 5516 C:\Windows\System32\drivers\fileinfo.sys - ok
21:48:24.0673 5516 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] C:\Windows\System32\drivers\filetrace.sys
21:48:24.0673 5516 C:\Windows\System32\drivers\filetrace.sys - ok
21:48:24.0675 5516 [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
21:48:24.0675 5516 C:\Windows\System32\drivers\fltMgr.sys - ok
21:48:24.0678 5516 [ E12C4928B32ACE04610259647F072635 ] C:\Windows\System32\FntCache.dll
21:48:24.0678 5516 C:\Windows\System32\FntCache.dll - ok
21:48:24.0680 5516 [ 6A08F1C87BBF6197F5DAD95CF41E5175 ] C:\Windows\System32\PresentationHost.exe
21:48:24.0680 5516 C:\Windows\System32\PresentationHost.exe - ok
21:48:24.0683 5516 [ 1A16B57943853E598CFF37FE2B8CBF1D ] C:\Windows\System32\drivers\fsdepends.sys
21:48:24.0683 5516 C:\Windows\System32\drivers\fsdepends.sys - ok
21:48:24.0686 5516 [ E306A24D9694C724FA2491278BF50FDB ] C:\Windows\System32\drivers\fvevol.sys
21:48:24.0686 5516 C:\Windows\System32\drivers\fvevol.sys - ok
21:48:24.0688 5516 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\System32\gpapi.dll
21:48:24.0689 5516 C:\Windows\System32\gpapi.dll - ok
21:48:24.0691 5516 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] C:\Windows\System32\hidserv.dll
21:48:24.0691 5516 C:\Windows\System32\hidserv.dll - ok
21:48:24.0694 5516 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] C:\Windows\System32\KMSVC.DLL
21:48:24.0694 5516 C:\Windows\System32\KMSVC.DLL - ok
21:48:24.0696 5516 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] C:\Windows\System32\ListSvc.dll
21:48:24.0696 5516 C:\Windows\System32\ListSvc.dll - ok
21:48:24.0699 5516 [ 871917B07A141BFF43D76D8844D48106 ] C:\Windows\System32\drivers\http.sys
21:48:24.0699 5516 C:\Windows\System32\drivers\http.sys - ok
21:48:24.0701 5516 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] C:\Windows\System32\provsvc.dll
21:48:24.0701 5516 C:\Windows\System32\provsvc.dll - ok
21:48:24.0704 5516 [ 68F94A45AB26C06221B6BF5C491436D8 ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
21:48:24.0704 5516 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
21:48:24.0707 5516 [ 0C4E035C7F105F1299258C90886C64C5 ] C:\Windows\System32\drivers\hwpolicy.sys
21:48:24.0707 5516 C:\Windows\System32\drivers\hwpolicy.sys - ok
21:48:24.0710 5516 [ F95622F161474511B8D80D6B093AA610 ] C:\Windows\System32\IKEEXT.DLL
21:48:24.0710 5516 C:\Windows\System32\IKEEXT.DLL - ok
21:48:25.0329 5516 [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
21:48:25.0330 5516 C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe - ok
21:48:25.0332 5516 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\System32\sfc.dll
21:48:25.0332 5516 C:\Windows\System32\sfc.dll - ok
21:48:25.0335 5516 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\System32\sfc_os.dll
21:48:25.0335 5516 C:\Windows\System32\sfc_os.dll - ok
21:48:25.0337 5516 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\System32\cryptnet.dll
21:48:25.0337 5516 C:\Windows\System32\cryptnet.dll - ok
21:48:25.0340 5516 [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\System32\vssapi.dll
21:48:25.0340 5516 C:\Windows\System32\vssapi.dll - ok
21:48:25.0343 5516 [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\System32\vsstrace.dll
21:48:25.0343 5516 C:\Windows\System32\vsstrace.dll - ok
21:48:25.0344 5516 [ EF39CCCC9AD927A25334AE0B41A8A343 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
21:48:25.0344 5516 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
21:48:25.0347 5516 [ 65085456FD9A74D7F1A999520C299ECB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:48:25.0347 5516 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
21:48:25.0350 5516 [ 9275F02BEA644F43A459E316A932658F ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
21:48:25.0350 5516 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
21:48:25.0353 5516 [ 2003E9B15E1C502B146DAD2E383AC1E3 ] C:\Windows\System32\schtasks.exe
21:48:25.0353 5516 C:\Windows\System32\schtasks.exe - ok
21:48:25.0355 5516 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:48:25.0356 5516 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
21:48:25.0358 5516 [ 80D8679BF84A9383BFF33E07D5D9FC35 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
21:48:25.0358 5516 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
21:48:25.0361 5516 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\System32\mpr.dll
21:48:25.0361 5516 C:\Windows\System32\mpr.dll - ok
21:48:25.0363 5516 [ 9E0104BA49F4E6973749A02BF41344ED ] C:\Windows\System32\drivers\PEAuth.sys
21:48:25.0363 5516 C:\Windows\System32\drivers\PEAuth.sys - ok
21:48:25.0366 5516 [ 140D9F911182357626165EA0BEB98C4F ] C:\Windows\System32\ncsi.dll
21:48:25.0366 5516 C:\Windows\System32\ncsi.dll - ok
21:48:25.0369 5516 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
21:48:25.0369 5516 C:\Windows\System32\drivers\secdrv.sys - ok
21:48:25.0371 5516 [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\System32\ssdpapi.dll
21:48:25.0371 5516 C:\Windows\System32\ssdpapi.dll - ok
21:48:25.0374 5516 [ 0A0A0183711EFB04F9BCC32BB44471F2 ] C:\Program Files\Skype\Updater\Updater.exe
21:48:25.0374 5516 C:\Program Files\Skype\Updater\Updater.exe - ok
21:48:25.0376 5516 [ 3FA214B377B8711D859F950FDFEFF739 ] C:\Windows\System32\conhost.exe
21:48:25.0376 5516 C:\Windows\System32\conhost.exe - ok
21:48:25.0379 5516 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] C:\Windows\System32\drivers\srvnet.sys
21:48:25.0379 5516 C:\Windows\System32\drivers\srvnet.sys - ok
21:48:25.0382 5516 [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\System32\httpapi.dll
21:48:25.0382 5516 C:\Windows\System32\httpapi.dll - ok
21:48:25.0384 5516 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] C:\Windows\System32\drivers\tcpipreg.sys
21:48:25.0384 5516 C:\Windows\System32\drivers\tcpipreg.sys - ok
21:48:25.0387 5516 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\System32\wbemcomn.dll
21:48:25.0387 5516 C:\Windows\System32\wbemcomn.dll - ok
21:48:25.0389 5516 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\System32\ntdsapi.dll
21:48:25.0390 5516 C:\Windows\System32\ntdsapi.dll - ok
21:48:25.0392 5516 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\System32\wbem\fastprox.dll
21:48:25.0392 5516 C:\Windows\System32\wbem\fastprox.dll - ok
21:48:25.0395 5516 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\System32\wbem\wbemprox.dll
21:48:25.0395 5516 C:\Windows\System32\wbem\wbemprox.dll - ok
21:48:25.0397 5516 [ 881D9F2D6E04E1C323050CF1574870F7 ] C:\Windows\System32\wbem\WinMgmtR.dll
21:48:25.0397 5516 C:\Windows\System32\wbem\WinMgmtR.dll - ok
21:48:25.0400 5516 [ 701C9EB15E1E23D22F7C7184C0506673 ] C:\Windows\System32\wbem\WmiDcPrv.dll
21:48:25.0400 5516 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
21:48:25.0403 5516 [ 5AE88135C6A86FCD67BA16AFBB1C8389 ] C:\Windows\System32\wbem\esscli.dll
21:48:25.0403 5516 C:\Windows\System32\wbem\esscli.dll - ok
21:48:25.0405 5516 [ 585EB475E7AF55C9065256E8FFB751A1 ] C:\Windows\System32\wbem\wbemcore.dll
21:48:25.0405 5516 C:\Windows\System32\wbem\wbemcore.dll - ok
21:48:25.0408 5516 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\System32\wbem\wbemsvc.dll
21:48:25.0408 5516 C:\Windows\System32\wbem\wbemsvc.dll - ok
21:48:25.0411 5516 [ 371E3B05894549113D07CD3081ED55EF ] C:\Windows\System32\wbem\repdrvfs.dll
21:48:25.0411 5516 C:\Windows\System32\wbem\repdrvfs.dll - ok
21:48:25.0413 5516 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\System32\wbem\wmiutils.dll
21:48:25.0413 5516 C:\Windows\System32\wbem\wmiutils.dll - ok
21:48:25.0416 5516 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] C:\Program Files\Windows Defender\MpSvc.dll
21:48:25.0416 5516 C:\Program Files\Windows Defender\MpSvc.dll - ok
21:48:25.0419 5516 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] C:\Program Files\Yontoo\Y2Desktop.Updater.exe
21:48:25.0419 5516 C:\Program Files\Yontoo\Y2Desktop.Updater.exe - ok
21:48:25.0421 5516 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\System32\mscoree.dll
21:48:25.0421 5516 C:\Windows\System32\mscoree.dll - ok
21:48:25.0424 5516 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
21:48:25.0424 5516 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
21:48:25.0427 5516 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\System32\ncobjapi.dll
21:48:25.0427 5516 C:\Windows\System32\ncobjapi.dll - ok
21:48:25.0429 5516 [ 3CDE2911462FEC80064A409C07710C06 ] C:\Windows\System32\wbem\WmiPrvSD.dll
21:48:25.0429 5516 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
21:48:25.0432 5516 [ B350509B6C9296529BC464C60FEEAEF1 ] C:\Windows\System32\wbem\wbemess.dll
21:48:25.0432 5516 C:\Windows\System32\wbem\wbemess.dll - ok
21:48:25.0435 5516 [ 20308CF0675AD7CE5AAA6712DB823216 ] C:\Program Files\Windows Defender\MpClient.dll
21:48:25.0435 5516 C:\Program Files\Windows Defender\MpClient.dll - ok
21:48:25.0437 5516 [ 8B92BED5B8D4A8480E7AA631F35A6F35 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
21:48:25.0437 5516 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
21:48:25.0440 5516 [ BEA22322EA2DFE41CF7CE22A6EDE08EA ] C:\Program Files\AVG\AVG2013\avgwd.dll
21:48:25.0440 5516 C:\Program Files\AVG\AVG2013\avgwd.dll - ok
21:48:25.0443 5516 [ 7F2A2DDA32A0CDF28868864A87A05B23 ] C:\Program Files\AVG\AVG2013\avgsecapix.dll
21:48:25.0443 5516 C:\Program Files\AVG\AVG2013\avgsecapix.dll - ok
21:48:25.0445 5516 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
21:48:25.0445 5516 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
21:48:25.0448 5516 [ 1931311AF80A54A4FE8F0862820FE015 ] C:\Program Files\AVG\AVG2013\avgwdwsc.dll
21:48:25.0448 5516 C:\Program Files\AVG\AVG2013\avgwdwsc.dll - ok
21:48:25.0451 5516 [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\System32\wscapi.dll
21:48:25.0451 5516 C:\Windows\System32\wscapi.dll - ok
21:48:25.0453 5516 [ E365ABAA34D50987B33E02E53AEC30B4 ] C:\Program Files\AVG\AVG2013\avgnsx.exe
21:48:25.0453 5516 C:\Program Files\AVG\AVG2013\avgnsx.exe - ok
21:48:25.0456 5516 [ C899F9459AF5358B7B9C3B6D19647B8B ] C:\Program Files\AVG\AVG2013\avgemcx.exe
21:48:25.0456 5516 C:\Program Files\AVG\AVG2013\avgemcx.exe - ok
21:48:25.0459 5516 [ 9BB7B70D35A073C419005E1B74CD184D ] C:\Program Files\AVG\AVG2013\avgkrnlapix.dll
21:48:25.0459 5516 C:\Program Files\AVG\AVG2013\avgkrnlapix.dll - ok
21:48:25.0461 5516 [ 6A0A8D20469EFD39A4A3463A88811A57 ] C:\Program Files\AVG\AVG2013\avgsched.dll
21:48:25.0461 5516 C:\Program Files\AVG\AVG2013\avgsched.dll - ok
21:48:25.0464 5516 [ 91CA748B04BF0E2CAB06BE29116E05C5 ] C:\Program Files\AVG\AVG2013\avgidpsdkx.dll
21:48:25.0464 5516 C:\Program Files\AVG\AVG2013\avgidpsdkx.dll - ok
21:48:25.0467 5516 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll
21:48:25.0467 5516 C:\Windows\System32\SensApi.dll - ok
21:48:25.0470 5516 [ C3E39FB1398EEE8E612C2FE53A9192EF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
21:48:25.0470 5516 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll - ok
21:48:25.0472 5516 [ 09A116FB06C5E362EF8938D29CDAB27B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
21:48:25.0472 5516 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
21:48:25.0475 5516 [ 3518CB4E2D896CAB53D5386F15AC0566 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
21:48:25.0475 5516 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll - ok
21:48:25.0478 5516 [ 7765680E25E329708CB034B180CF9FCD ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
21:48:25.0478 5516 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll - ok
21:48:25.0481 5516 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] C:\Windows\System32\drivers\srv2.sys
21:48:25.0481 5516 C:\Windows\System32\drivers\srv2.sys - ok
21:48:25.0484 5516 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] C:\Windows\System32\drivers\srv.sys
21:48:25.0484 5516 C:\Windows\System32\drivers\srv.sys - ok
21:48:25.0486 5516 [ CE292C4C10B8DB6070F262EA2733F0DC ] C:\Windows\System32\sqmapi.dll
21:48:25.0486 5516 C:\Windows\System32\sqmapi.dll - ok
21:48:25.0489 5516 [ A399514D3B28C9A3453A486BBAAFF1C7 ] C:\Windows\System32\wdscore.dll
21:48:25.0489 5516 C:\Windows\System32\wdscore.dll - ok
21:48:25.0492 5516 [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\System32\eappprxy.dll
21:48:25.0492 5516 C:\Windows\System32\eappprxy.dll - ok
21:48:25.0494 5516 [ B2E1E4A16EDD02396F451F915FA3CBFA ] C:\Windows\System32\rastapi.dll
21:48:25.0494 5516 C:\Windows\System32\rastapi.dll - ok
21:48:25.0497 5516 [ BA32509D9B340162327B341013DE6522 ] C:\Windows\System32\tapi32.dll
21:48:25.0497 5516 C:\Windows\System32\tapi32.dll - ok
21:48:25.0499 5516 [ 1FF7E4F548C7C372C804938F0D5B36AE ] C:\Windows\System32\netcfgx.dll
21:48:25.0499 5516 C:\Windows\System32\netcfgx.dll - ok
21:48:25.0502 5516 [ E4B72E71EC37A59FE574A998A0C0EB9B ] C:\Windows\System32\netmsg.dll
21:48:25.0502 5516 C:\Windows\System32\netmsg.dll - ok
21:48:25.0505 5516 [ 6383C60EC0133B14F5705F96369421B2 ] C:\Windows\System32\hnetcfg.dll
21:48:25.0505 5516 C:\Windows\System32\hnetcfg.dll - ok
21:48:25.0507 5516 [ 45D9F6CD2469CDB6A640DD4BD2B01471 ] C:\Windows\System32\nci.dll
21:48:25.0507 5516 C:\Windows\System32\nci.dll - ok
21:48:25.0510 5516 [ 377F0C1DDBFA6A43CB7E7568BC0ECED0 ] C:\Windows\System32\unimdm.tsp
21:48:25.0510 5516 C:\Windows\System32\unimdm.tsp - ok
21:48:25.0512 5516 [ 89E783711AF91AF09E1EF30EF3107446 ] C:\Windows\System32\sscore.dll
21:48:25.0512 5516 C:\Windows\System32\sscore.dll - ok
21:48:25.0515 5516 [ E675DE8CF57D8814218733B3DAE896D7 ] C:\Windows\System32\uniplat.dll
21:48:25.0515 5516 C:\Windows\System32\uniplat.dll - ok
21:48:25.0517 5516 [ AE9898D5600A232CD8AE3298692162E5 ] C:\Windows\System32\clusapi.dll
21:48:25.0517 5516 C:\Windows\System32\clusapi.dll - ok
21:48:25.0520 5516 [ F3FB146CDBDD26FCD0CF7941C547BEE4 ] C:\Windows\System32\kmddsp.tsp
21:48:25.0520 5516 C:\Windows\System32\kmddsp.tsp - ok
21:48:25.0522 5516 [ 2AF094C822BD6094F14A8E85FB51D52A ] C:\Windows\System32\resutils.dll
21:48:25.0523 5516 C:\Windows\System32\resutils.dll - ok
21:48:25.0525 5516 [ AA11A26692E0DB2996CAEFE9EC61F61F ] C:\Windows\System32\ndptsp.tsp
21:48:25.0525 5516 C:\Windows\System32\ndptsp.tsp - ok
21:48:25.0528 5516 [ E2F6CC0D191361EE94FEA3957653F531 ] C:\Windows\System32\hidphone.tsp
21:48:25.0528 5516 C:\Windows\System32\hidphone.tsp - ok
21:48:25.0530 5516 [ 67F9B5C7E215B48F9256757E9CC09A7B ] C:\Windows\System32\rasppp.dll
21:48:25.0530 5516 C:\Windows\System32\rasppp.dll - ok
21:48:25.0533 5516 [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\System32\eappcfg.dll
21:48:25.0533 5516 C:\Windows\System32\eappcfg.dll - ok
21:48:25.0536 5516 [ 80B562B5B59ED850C328DD75F964F3D8 ] C:\Windows\System32\vpnike.dll
21:48:25.0536 5516 C:\Windows\System32\vpnike.dll - ok
21:48:25.0538 5516 [ 207CF171B1C6B8AE50C1FBF87363EEBC ] C:\Windows\System32\raschap.dll
21:48:25.0538 5516 C:\Windows\System32\raschap.dll - ok
21:48:25.0541 5516 [ D4191EFAB91E00FC09257AA5EBAF503B ] C:\Windows\System32\mprapi.dll
21:48:25.0541 5516 C:\Windows\System32\mprapi.dll - ok
21:48:25.0543 5516 [ EAB975DB4C2805927FE5BD047D05C9AA ] C:\Windows\System32\netshell.dll
21:48:25.0543 5516 C:\Windows\System32\netshell.dll - ok
21:48:25.0546 5516 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\System32\rasadhlp.dll
21:48:25.0546 5516 C:\Windows\System32\rasadhlp.dll - ok
21:48:25.0548 5516 [ ECF036299AA554B5E0455262857B39D0 ] C:\Windows\System32\diagperf.dll
21:48:25.0548 5516 C:\Windows\System32\diagperf.dll - ok
21:48:25.0551 5516 [ 7E82616BEE76BF5EAA5B30F681414E21 ] C:\Windows\System32\perftrack.dll
21:48:25.0551 5516 C:\Windows\System32\perftrack.dll - ok
21:48:25.0554 5516 [ D99621C0735B21DCC8BC4FEF02F379EF ] C:\Windows\System32\Apphlpdm.dll
21:48:25.0554 5516 C:\Windows\System32\Apphlpdm.dll - ok
21:48:25.0556 5516 [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\System32\wer.dll
21:48:25.0556 5516 C:\Windows\System32\wer.dll - ok
21:48:25.0559 5516 [ F8E882C10AF4C29E378D1E28D4817CB1 ] C:\Windows\System32\pnpts.dll
21:48:25.0559 5516 C:\Windows\System32\pnpts.dll - ok
21:48:25.0561 5516 [ F0016853FA3F38F55FD868FF74C0359B ] C:\Windows\System32\wdiasqmmodule.dll
21:48:25.0561 5516 C:\Windows\System32\wdiasqmmodule.dll - ok
21:48:25.0564 5516 [ E98278865E8DABA21CFE5FE4BE34210A ] C:\Windows\System32\PortableDeviceApi.dll
21:48:25.0564 5516 C:\Windows\System32\PortableDeviceApi.dll - ok
21:48:25.0567 5516 [ 8B794AE6D5C7D42092804BC39A2EB8F6 ] C:\Windows\System32\aepic.dll
21:48:25.0567 5516 C:\Windows\System32\aepic.dll - ok
21:48:25.0569 5516 [ C693E642ACFBDD76433AF6BE3C3EEE6F ] C:\Windows\System32\PortableDeviceConnectApi.dll
21:48:25.0569 5516 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
21:48:25.0572 5516 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\System32\npmproxy.dll
21:48:25.0572 5516 C:\Windows\System32\npmproxy.dll - ok
21:48:25.0574 5516 [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\System32\p2pcollab.dll
21:48:25.0575 5516 C:\Windows\System32\p2pcollab.dll - ok
21:48:25.0577 5516 [ 9FD6496B6D91C8BE2A10BD55EAE2D5F2 ] C:\Windows\System32\fveui.dll
21:48:25.0577 5516 C:\Windows\System32\fveui.dll - ok
21:48:25.0580 5516 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\System32\NapiNSP.dll
21:48:25.0580 5516 C:\Windows\System32\NapiNSP.dll - ok
21:48:25.0582 5516 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\System32\pnrpnsp.dll
21:48:25.0582 5516 C:\Windows\System32\pnrpnsp.dll - ok
21:48:25.0585 5516 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\System32\winrnr.dll
21:48:25.0585 5516 C:\Windows\System32\winrnr.dll - ok
21:48:25.0587 5516 [ 8D47D01378347889A662D54037A988CC ] C:\Windows\System32\tdh.dll
21:48:25.0587 5516 C:\Windows\System32\tdh.dll - ok
21:48:25.0590 5516 [ 3D6F22551D422F97AACB0BB927E4C846 ] C:\Windows\System32\pnidui.dll
21:48:25.0590 5516 C:\Windows\System32\pnidui.dll - ok
21:48:25.0592 5516 [ 1957D49A9613FAAD1C73B508CCE02AA5 ] C:\Windows\System32\wmp.dll
21:48:25.0592 5516 C:\Windows\System32\wmp.dll - ok
21:48:25.0594 5516 [ 26384429FCD85D83746F63E798AB1480 ] C:\Windows\System32\drivers\nwifi.sys
21:48:25.0594 5516 C:\Windows\System32\drivers\nwifi.sys - ok
21:48:25.0597 5516 [ C68153ECC557A0C841D976543E493EF6 ] C:\Program Files\AVG\AVG2013\avgxpl.dll
21:48:25.0597 5516 C:\Program Files\AVG\AVG2013\avgxpl.dll - ok
21:48:25.0599 5516 [ 72E953215CADE1A726C04AAFDF6B463D ] C:\Windows\System32\taskhost.exe
21:48:25.0600 5516 C:\Windows\System32\taskhost.exe - ok
21:48:25.0602 5516 [ 2F03490092C032392FB6FF635222B9B2 ] C:\Windows\System32\apisetschema.dll
21:48:25.0602 5516 C:\Windows\System32\apisetschema.dll - ok
21:48:25.0605 5516 [ 198366199A9F342EF87978D79308B49F ] C:\Windows\System32\RacEngn.dll
21:48:25.0605 5516 C:\Windows\System32\RacEngn.dll - ok
21:48:25.0607 5516 [ B6C756FA661C5EB7B3547E60647F87A7 ] C:\Windows\System32\sqlceoledb30.dll
21:48:25.0607 5516 C:\Windows\System32\sqlceoledb30.dll - ok
21:48:25.0610 5516 [ 13CDD3FF0961A2EC6D9829A1640DD6DC ] C:\Windows\System32\sqlcese30.dll
21:48:25.0610 5516 C:\Windows\System32\sqlcese30.dll - ok
21:48:25.0613 5516 [ 60236C8C3B8C2D8B9A59326890533EB8 ] C:\Windows\System32\sqlceqp30.dll
21:48:25.0613 5516 C:\Windows\System32\sqlceqp30.dll - ok
21:48:25.0615 5516 [ 81C0FA250EF6DC1C6B3FA2BCE81D6C2E ] C:\Windows\System32\WinSATAPI.dll
21:48:25.0615 5516 C:\Windows\System32\WinSATAPI.dll - ok
21:48:25.0618 5516 [ D4F264FE23F8953D840904418220C15E ] C:\Windows\System32\dxgi.dll
21:48:25.0618 5516 C:\Windows\System32\dxgi.dll - ok
21:48:25.0620 5516 [ EAADD6E47ED2A7003ACE1793B98CF63F ] C:\Windows\System32\msxml6.dll
21:48:25.0620 5516 C:\Windows\System32\msxml6.dll - ok
21:48:25.0623 5516 [ CE7803953FE7314061B3F9188D310EB2 ] C:\Windows\System32\en-US\KernelBase.dll.mui
21:48:25.0623 5516 C:\Windows\System32\en-US\KernelBase.dll.mui - ok
21:48:25.0626 5516 [ C2A9093E56551AACD417926F14F848E8 ] C:\Windows\System32\msxml6r.dll
21:48:25.0626 5516 C:\Windows\System32\msxml6r.dll - ok
21:48:25.0628 5516 [ 330A6E9A4A6FA657EBB094FCD82EFA9D ] C:\Windows\System32\en-US\WinSATAPI.dll.mui
21:48:25.0628 5516 C:\Windows\System32\en-US\WinSATAPI.dll.mui - ok
21:48:25.0631 5516 [ B39B8CC163C41B12FE83E777199F3378 ] C:\Windows\System32\tzres.dll
21:48:25.0631 5516 C:\Windows\System32\tzres.dll - ok
21:48:25.0634 5516 [ C5C867CD7EFAC60D5021223E374DEEC5 ] C:\Windows\System32\dimsjob.dll
21:48:25.0634 5516 C:\Windows\System32\dimsjob.dll - ok
21:48:25.0636 5516 [ 14486EB6AF542F2BD3239F7FC3E713F7 ] C:\Windows\System32\pautoenr.dll
21:48:25.0636 5516 C:\Windows\System32\pautoenr.dll - ok
21:48:25.0639 5516 [ 61B1ED5F429EFAC7E2036769870AB93E ] C:\Windows\System32\certcli.dll
21:48:25.0639 5516 C:\Windows\System32\certcli.dll - ok
21:48:25.0641 5516 [ 29BC473072568C072EC8B176498DE996 ] C:\Windows\System32\CertEnroll.dll
21:48:25.0641 5516 C:\Windows\System32\CertEnroll.dll - ok
21:48:25.0644 5516 [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\System32\dllhost.exe
21:48:25.0652 5516 C:\Windows\System32\dllhost.exe - ok
21:48:25.0654 5516 [ 0B31464B7B2D616BD5F7036673588EC1 ] C:\Windows\System32\IDStore.dll
21:48:25.0654 5516 C:\Windows\System32\IDStore.dll - ok
21:48:25.0657 5516 [ D1D5DAB39DCB4BE0359943738D87409B ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
21:48:25.0657 5516 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok
21:48:25.0659 5516 [ 61AC3EFDFACFDD3F0F11DD4FD4044223 ] C:\Windows\System32\userinit.exe
21:48:25.0659 5516 C:\Windows\System32\userinit.exe - ok
21:48:25.0662 5516 [ 754AFC50022C95DA7C86B7020DB78136 ] C:\Windows\System32\dwmredir.dll
21:48:25.0662 5516 C:\Windows\System32\dwmredir.dll - ok
21:48:25.0665 5516 [ 497E59D9F01C6F247E72222A61835119 ] C:\Windows\System32\dwmcore.dll
21:48:25.0665 5516 C:\Windows\System32\dwmcore.dll - ok
21:48:25.0667 5516 [ F58516E2DC0D963EF70D6BFC21FD82C4 ] C:\Windows\System32\PlaySndSrv.dll
21:48:25.0667 5516 C:\Windows\System32\PlaySndSrv.dll - ok
21:48:25.0670 5516 [ 3C1936A12C62254F914A01BBC6A8DC69 ] C:\Windows\System32\d3d10_1.dll
21:48:25.0670 5516 C:\Windows\System32\d3d10_1.dll - ok
21:48:25.0672 5516 [ D4212AB475A3B25EC4DF574536C3EDC5 ] C:\Windows\System32\d3d10_1core.dll
21:48:25.0672 5516 C:\Windows\System32\d3d10_1core.dll - ok
21:48:25.0675 5516 [ B43687C534A49700BF4B3C9898763752 ] C:\Windows\System32\MsCtfMonitor.dll
21:48:25.0675 5516 C:\Windows\System32\MsCtfMonitor.dll - ok
21:48:25.0678 5516 [ 7ACDFB4CC67F4993DF0E0731576309B2 ] C:\Windows\System32\d3d11.dll
21:48:25.0678 5516 C:\Windows\System32\d3d11.dll - ok
21:48:25.0680 5516 [ 56CEED370508F69A1BA04939BD1BADDA ] C:\Windows\System32\msutb.dll
21:48:25.0680 5516 C:\Windows\System32\msutb.dll - ok
21:48:25.0683 5516 [ 7319102526BD11B45FD66335CF90CA12 ] C:\Windows\System32\HotStartUserAgent.dll
21:48:25.0683 5516 C:\Windows\System32\HotStartUserAgent.dll - ok
21:48:25.0685 5516 [ 8B88EBBB05A0E56B7DCC708498C02B3E ] C:\Windows\explorer.exe
21:48:25.0685 5516 C:\Windows\explorer.exe - ok
21:48:25.0688 5516 [ E5787E04A7EFAE442940B3AE93183140 ] C:\Windows\System32\nvwgf2um.dll
21:48:25.0688 5516 C:\Windows\System32\nvwgf2um.dll - ok
21:48:25.0690 5516 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\System32\ExplorerFrame.dll
21:48:25.0690 5516 C:\Windows\System32\ExplorerFrame.dll - ok
21:48:25.0693 5516 [ 2100560AF3F7F2948F2676E44DFB4ECF ] C:\Windows\System32\uDWM.dll
21:48:25.0693 5516 C:\Windows\System32\uDWM.dll - ok
21:48:25.0695 5516 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\System32\EhStorShell.dll
21:48:25.0695 5516 C:\Windows\System32\EhStorShell.dll - ok
21:48:25.0698 5516 [ 3EC541C196DE18ED9A0D0AC82A694D4C ] C:\Windows\System32\cscui.dll
21:48:25.0698 5516 C:\Windows\System32\cscui.dll - ok
21:48:25.0701 5516 [ 57A51217581614DE07F30E34D6BB4993 ] C:\Windows\System32\cscdll.dll
21:48:25.0701 5516 C:\Windows\System32\cscdll.dll - ok
21:48:25.0703 5516 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\System32\cscapi.dll
21:48:25.0703 5516 C:\Windows\System32\cscapi.dll - ok
21:48:25.0706 5516 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\System32\ntshrui.dll
21:48:25.0706 5516 C:\Windows\System32\ntshrui.dll - ok
21:48:25.0708 5516 [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll
21:48:25.0708 5516 C:\Windows\System32\IconCodecService.dll - ok
21:48:25.0711 5516 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\System32\runonce.exe
21:48:25.0711 5516 C:\Windows\System32\runonce.exe - ok
21:48:25.0713 5516 [ 7FFD52D73352806969D424EF327D10A7 ] C:\Windows\System32\radardt.dll
21:48:25.0713 5516 C:\Windows\System32\radardt.dll - ok
21:48:25.0716 5516 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\System32\cmd.exe
21:48:25.0716 5516 C:\Windows\System32\cmd.exe - ok
21:48:25.0718 5516 [ 84FA403E67CCF1A031FAEB39A091A7C0 ] C:\Windows\System32\en-US\cmd.exe.mui
21:48:25.0719 5516 C:\Windows\System32\en-US\cmd.exe.mui - ok
21:48:25.0721 5516 [ DFE118C95C6571B87D1923DAB3FA0A77 ] C:\Windows\System32\ieframe.dll
21:48:25.0721 5516 C:\Windows\System32\ieframe.dll - ok
21:48:25.0724 5516 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\System32\shdocvw.dll
21:48:25.0724 5516 C:\Windows\System32\shdocvw.dll - ok
21:48:25.0726 5516 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\james\AppData\Local\temp\9065F4A4-A3FB-49FA-9DDD-6AA51CA020EB.exe
21:48:25.0726 5516 C:\Users\james\AppData\Local\temp\9065F4A4-A3FB-49FA-9DDD-6AA51CA020EB.exe - ok
21:48:25.0729 5516 [ 4F2659160AFCCA990305816946F69407 ] C:\Windows\System32\taskeng.exe
21:48:25.0729 5516 C:\Windows\System32\taskeng.exe - ok
21:48:25.0732 5516 [ D33E95C0A2754061233B58DC41F8094C ] C:\Windows\System32\umb.dll
21:48:25.0732 5516 C:\Windows\System32\umb.dll - ok
21:48:25.0734 5516 [ 74AF6AA2E8B3180AADAE5FE8813CB1CD ] C:\Windows\System32\localspl.dll
21:48:25.0734 5516 C:\Windows\System32\localspl.dll - ok
21:48:25.0737 5516 [ 629181C26A78EB66B0B4E774E5AC2882 ] C:\Windows\System32\spoolss.dll
21:48:25.0737 5516 C:\Windows\System32\spoolss.dll - ok
21:48:25.0739 5516 [ 03CF941D031F30272D3063E5A4D686F5 ] C:\Windows\System32\PrintIsolationProxy.dll
21:48:25.0739 5516 C:\Windows\System32\PrintIsolationProxy.dll - ok
21:48:25.0742 5516 [ 659E04E74135927CA6D7BC5E75C84417 ] C:\Windows\System32\TSChannel.dll
21:48:25.0742 5516 C:\Windows\System32\TSChannel.dll - ok
21:48:25.0744 5516 [ 126F8331BD023178C7F0EF2F5EDE16B3 ] C:\Windows\System32\FXSMON.dll
21:48:25.0744 5516 C:\Windows\System32\FXSMON.dll - ok
21:48:25.0747 5516 [ B390C1D825C7687493BEDE237C6C2F25 ] C:\Windows\System32\tcpmon.dll
21:48:25.0747 5516 C:\Windows\System32\tcpmon.dll - ok
21:48:25.0750 5516 [ EC63F649F7090F885EBD4770FFB92FCB ] C:\Users\james\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
21:48:25.0750 5516 C:\Users\james\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe - ok
21:48:25.0752 5516 [ 1220595CABA75AB91A6B3FA3B89483CC ] C:\Windows\System32\snmpapi.dll
21:48:25.0752 5516 C:\Windows\System32\snmpapi.dll - ok
21:48:25.0755 5516 [ 6357E2B68753A1F5CF4A68A25C4FD14A ] C:\Windows\System32\wsnmp32.dll
21:48:25.0755 5516 C:\Windows\System32\wsnmp32.dll - ok
21:48:25.0758 5516 [ 923CDD30092DB73EC4A0EBCDDD16C686 ] C:\Windows\System32\usbmon.dll
21:48:25.0758 5516 C:\Windows\System32\usbmon.dll - ok
21:48:25.0760 5516 [ 479901C99FA62D1C3261B7ACB1228DAD ] C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
21:48:25.0760 5516 C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe - ok
21:48:25.0763 5516 [ A8EB761DE499242BECF153B2B34F020E ] C:\Windows\System32\WSDMon.dll
21:48:25.0763 5516 C:\Windows\System32\WSDMon.dll - ok
21:48:25.0766 5516 [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files\Google\Update\GoogleUpdate.exe
21:48:25.0766 5516 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
21:48:25.0768 5516 [ 73F6C5223F7E9B5780DD4A6C30FCF569 ] C:\Windows\System32\WSDApi.dll
21:48:25.0768 5516 C:\Windows\System32\WSDApi.dll - ok
21:48:25.0771 5516 [ DB846EECA70EE9D2E2FF31147C57B0F4 ] C:\Windows\System32\webservices.dll
21:48:25.0771 5516 C:\Windows\System32\webservices.dll - ok
21:48:25.0774 5516 [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\System32\fundisc.dll
21:48:25.0774 5516 C:\Windows\System32\fundisc.dll - ok
21:48:25.0776 5516 [ F34CFADA6C48DAA41B996D24C7D8D3CA ] C:\Windows\System32\fdPnp.dll
21:48:25.0776 5516 C:\Windows\System32\fdPnp.dll - ok
21:48:25.0779 5516 [ CD72C6406BA561BED6D42CB145E55307 ] C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
21:48:25.0779 5516 C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll - ok
21:48:25.0782 5516 [ 52CCA2E9FFD0653CACED1E808AADE4B6 ] C:\Windows\System32\win32spl.dll
21:48:25.0782 5516 C:\Windows\System32\win32spl.dll - ok
21:48:25.0784 5516 [ D27DDE7E0444C7F1819F958469EB7D93 ] C:\Windows\System32\inetpp.dll
21:48:25.0784 5516 C:\Windows\System32\inetpp.dll - ok
21:48:25.0787 5516 [ B04ABC47319CB3C808A3A5525F2F3F2F ] C:\Program Files\Real\RealUpgrade\realupgrade.exe
21:48:25.0787 5516 C:\Program Files\Real\RealUpgrade\realupgrade.exe - ok
21:48:25.0789 5516 [ 0EDAACBC028C1B50A57899E64EE60E9B ] C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
21:48:25.0789 5516 C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
21:48:25.0792 5516 [ 1290853C52D8BD47683FED043D79BC21 ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
21:48:25.0792 5516 C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
21:48:25.0795 5516 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\System32\msi.dll
21:48:25.0795 5516 C:\Windows\System32\msi.dll - ok
21:48:25.0797 5516 [ 658EBC74BD38D16805648C4775F7FA82 ] C:\Windows\System32\mshtml.dll
21:48:25.0797 5516 C:\Windows\System32\mshtml.dll - ok
21:48:25.0800 5516 [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
21:48:25.0800 5516 C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
21:48:26.0391 5516 [ B5B2896034D8ADEBD79E0C281B52508F ] C:\Windows\AppPatch\AcGenral.dll
21:48:26.0391 5516 C:\Windows\AppPatch\AcGenral.dll - ok
21:48:26.0394 5516 [ D16D818E9930A6E5B4F6476DD0998D1A ] C:\Windows\System32\drivers\spsys.sys
21:48:26.0394 5516 C:\Windows\System32\drivers\spsys.sys - ok
21:48:26.0397 5516 [ 3A11396EAC2414012155AB14E5C1E332 ] C:\Windows\System32\sppwinob.dll
21:48:26.0397 5516 C:\Windows\System32\sppwinob.dll - ok
21:48:26.0399 5516 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll
21:48:26.0399 5516 C:\Windows\System32\wuapi.dll - ok
21:48:26.0402 5516 [ 7A6986DD659B96398A11AF5173892715 ] C:\Windows\System32\cabinet.dll
21:48:26.0402 5516 C:\Windows\System32\cabinet.dll - ok
21:48:26.0404 5516 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\Windows\System32\wups.dll
21:48:26.0404 5516 C:\Windows\System32\wups.dll - ok
21:48:26.0407 5516 [ 387A8A473ECC5BA02CF453277C1F3274 ] C:\Windows\System32\mspatcha.dll
21:48:26.0407 5516 C:\Windows\System32\mspatcha.dll - ok
21:48:26.0410 5516 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\Windows\System32\wups2.dll
21:48:26.0410 5516 C:\Windows\System32\wups2.dll - ok
21:48:26.0412 5516 [ 421D9645B72CD341ECDBB0FCE06C97DE ] C:\Windows\System32\sppobjs.dll
21:48:26.0412 5516 C:\Windows\System32\sppobjs.dll - ok
21:48:26.0415 5516 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] C:\Windows\System32\drivers\asyncmac.sys
21:48:26.0415 5516 C:\Windows\System32\drivers\asyncmac.sys - ok
21:48:26.0418 5516 [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\System32\wscisvif.dll
21:48:26.0418 5516 C:\Windows\System32\wscisvif.dll - ok
21:48:26.0420 5516 [ 19F75D71E4256F5113D64CE2BB66B838 ] C:\Windows\System32\slwga.dll
21:48:26.0420 5516 C:\Windows\System32\slwga.dll - ok
21:48:26.0423 5516 [ 8E4B58E12B3FA65ED1462846906E0B59 ] C:\Windows\System32\sppc.dll
21:48:26.0423 5516 C:\Windows\System32\sppc.dll - ok
21:48:26.0426 5516 [ 5B3D1C528CD6674FF6BD1F6720F5A686 ] C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\CbsCore.dll
21:48:26.0426 5516 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\CbsCore.dll - ok
21:48:26.0428 5516 [ A36E64D0703C7CB9724C102CA89488D4 ] C:\Windows\servicing\CbsMsg.dll
21:48:26.0428 5516 C:\Windows\servicing\CbsMsg.dll - ok
21:48:26.0431 5516 [ 0C0DF0F05BAEA320FA301F34E256E08B ] C:\Windows\System32\dpx.dll
21:48:26.0431 5516 C:\Windows\System32\dpx.dll - ok
21:48:26.0434 5516 [ 8896EF6DEBA34C5507A488729A1D3AF2 ] C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\wcp.dll
21:48:26.0434 5516 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\wcp.dll - ok
21:48:26.0437 5516 [ 4CCF86AAD1B67168FB51A477307EC288 ] C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\DrUpdate.dll
21:48:26.0437 5516 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\DrUpdate.dll - ok
21:48:26.0439 5516 [ AA376FE53D239EC404AD28AA14F33564 ] C:\Windows\System32\srclient.dll
21:48:26.0439 5516 C:\Windows\System32\srclient.dll - ok
21:48:26.0442 5516 [ 971A36C4827AD1AE2A54E6407478921A ] C:\Windows\System32\spp.dll
21:48:26.0442 5516 C:\Windows\System32\spp.dll - ok
21:48:26.0445 5516 [ C9B89E87CB6D87FA4CC3F04EBC9F3D1C ] C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\wrpint.dll
21:48:26.0445 5516 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\wrpint.dll - ok
21:48:26.0448 5516 [ BBED6A14692C48279F88B3127206A1BA ] C:\Windows\System32\sxsstore.dll
21:48:26.0448 5516 C:\Windows\System32\sxsstore.dll - ok
21:48:26.0450 5516 [ 665748B8F1770EFE09AC75D8EC020100 ] C:\Windows\servicing\CbsApi.dll
21:48:26.0450 5516 C:\Windows\servicing\CbsApi.dll - ok
21:48:26.0453 5516 [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\System32\fltLib.dll
21:48:26.0453 5516 C:\Windows\System32\fltLib.dll - ok
21:48:26.0456 5516 [ 9D1693D5A9224A4CD64DD57E3614FBCC ] C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\smipi.dll
21:48:26.0456 5516 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\smipi.dll - ok
21:48:26.0458 5516 [ 739E51268B4BB79AB4F9E55F0018D0BC ] C:\Windows\System32\msdelta.dll
21:48:26.0458 5516 C:\Windows\System32\msdelta.dll - ok
21:48:26.0461 5516 [ F175E53C7C3B25A9029A131FB578B155 ] C:\Windows\System32\wscinterop.dll
21:48:26.0461 5516 C:\Windows\System32\wscinterop.dll - ok
21:48:26.0463 5516 [ 7FD5532C142DB6C9CC47AA4DCF71FDEC ] C:\Windows\System32\wscui.cpl
21:48:26.0463 5516 C:\Windows\System32\wscui.cpl - ok
21:48:26.0466 5516 [ 1869BD251211FB6275067372A45682D6 ] C:\Windows\System32\werconcpl.dll
21:48:26.0466 5516 C:\Windows\System32\werconcpl.dll - ok
21:48:26.0469 5516 [ 57CE9D8350B1DD76EEC596C423C3C0BC ] C:\Windows\System32\hcproviders.dll
21:48:26.0469 5516 C:\Windows\System32\hcproviders.dll - ok
21:48:26.0471 5516 [ 4FE6AA4422BEC5DC3995051C670FFB26 ] C:\Windows\System32\advpack.dll
21:48:26.0471 5516 C:\Windows\System32\advpack.dll - ok
21:48:26.0473 5516 ============================================================
21:48:26.0473 5516 Scan finished
21:48:26.0473 5516 ============================================================
21:48:26.0478 5508 Detected object count: 0
21:48:26.0478 5508 Actual detected object count: 0


and Malwarebytes Anti-Rootkit came up with no threats found.

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kingjab

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9
kingjab

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ComboFix 13-04-24.02 - james 04/24/2013 4:02.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3325.1477 [GMT -7:00]
Running from: c:\users\james\Desktop\ComboFix.exe
Command switches used :: c:\users\james\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PolicyDefinitions
.
.
((((((((((((((((((((((((( Files Created from 2013-03-24 to 2013-04-24 )))))))))))))))))))))))))))))))
.
.
2013-04-24 11:06 . 2013-04-24 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\programdata\BrowserProtect
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\users\james\AppData\Roaming\BabSolution
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\users\james\AppData\Roaming\Delta
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\program files\Delta
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\users\james\AppData\Roaming\Mipony Download Manager Packages
2013-04-23 22:01 . 2013-04-24 10:54 -------- d-----w- c:\users\james\AppData\Roaming\Yontoo
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\program files\Yontoo
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\users\james\AppData\Roaming\DSite
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\programdata\Tarma Installer
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\program files\MiPony
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\users\james\AppData\Roaming\Babylon
2013-04-23 22:01 . 2013-04-23 22:01 -------- d-----w- c:\programdata\Babylon
2013-04-23 20:59 . 2013-04-23 20:59 -------- d-----w- c:\windows\Sun
2013-04-23 20:25 . 2013-04-24 11:06 -------- d-----w- c:\users\james\AppData\Local\temp
2013-04-23 12:05 . 2013-04-23 12:05 -------- d-----w- c:\windows\system32\wbem\Framework
2013-04-23 10:30 . 2013-04-23 10:30 -------- d-----w- c:\program files\Artemis DEMO
2013-04-21 21:22 . 2013-04-24 05:22 -------- d-----w- c:\program files\world_of_tanks
2013-04-21 21:11 . 2013-04-21 21:19 -------- d-----w- C:\Games
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\users\james\AppData\Roaming\Malwarebytes
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\programdata\Malwarebytes
2013-04-20 22:32 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\users\james\AppData\Local\Programs
2013-04-20 21:52 . 2013-04-20 21:52 -------- d-----w- c:\program files\Speccy
2013-04-19 10:08 . 2013-04-19 10:08 -------- d-----w- C:\found.002
2013-04-15 08:44 . 2013-04-15 08:44 -------- d-----w- c:\users\james\AppData\Local\Solid State Networks
2013-04-15 08:44 . 2013-04-15 08:44 -------- d-----w- c:\program files\MeteorEntertainment
2013-04-14 00:03 . 2013-04-14 00:03 -------- d-----w- c:\program files\Marcos Velasco Security
2013-04-14 00:02 . 2013-04-14 00:02 -------- d-----w- c:\users\james\AppData\Local\CRE
2013-04-14 00:02 . 2013-04-14 00:02 -------- d-----w- c:\program files\InfoAtoms
2013-04-13 23:59 . 2013-04-21 22:03 -------- d-----w- c:\users\james\AppData\Roaming\Systweak
2013-04-11 10:23 . 2013-04-11 10:23 -------- d-----w- C:\found.001
2013-04-10 09:52 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 09:52 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 09:52 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 09:52 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 09:52 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 09:52 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 09:52 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 07:53 . 2013-04-09 07:53 -------- d-----w- c:\users\james\AppData\Roaming\Ubisoft
2013-04-09 07:53 . 2013-04-09 07:53 -------- d-----w- c:\programdata\Ubisoft
2013-04-07 00:43 . 2013-04-08 01:18 -------- d-----w- c:\program files\RivaTuner Statistics Server
2013-04-06 19:34 . 2013-04-21 04:43 -------- d-----w- c:\program files\EVGA Precision X
2013-04-06 03:05 . 2013-04-06 03:05 -------- d-----w- c:\users\james\AppData\Local\ElevatedDiagnostics
2013-04-05 23:58 . 2013-04-08 01:18 -------- d-----w- c:\users\james\AppData\Roaming\Bioshock
2013-04-05 19:55 . 2013-04-05 19:55 -------- d-----w- c:\users\james\AppData\Roaming\GameFly
2013-04-05 19:55 . 2013-04-05 19:55 -------- d-----w- c:\program files\GameFly
2013-04-04 17:45 . 2013-04-04 17:46 -------- d-----w- c:\users\james\AppData\Roaming\Curse Advertising
2013-04-03 19:29 . 2013-04-22 08:52 -------- d-----w- c:\users\UpdatusUser
2013-04-03 19:28 . 2013-03-15 02:59 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-03 19:28 . 2013-03-15 02:59 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-04-03 19:28 . 2013-03-15 02:59 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-03 19:28 . 2013-03-15 02:59 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-04-03 19:28 . 2013-03-15 02:59 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-03 19:28 . 2013-03-13 07:07 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-04-03 19:28 . 2013-04-03 19:28 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-03 19:20 . 2012-12-19 05:41 28600 ----a-w- c:\windows\system32\nvhdap32.dll
2013-04-03 19:20 . 2012-12-19 05:41 154040 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-04-03 19:20 . 2012-12-18 08:31 892856 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-04-03 19:20 . 2013-03-15 05:46 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-04-03 19:20 . 2013-03-15 05:46 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-04-03 19:06 . 2013-04-03 19:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 22:54 . 2013-04-21 22:02 -------- d-----w- C:\temp
2013-03-27 05:45 . 2013-03-27 05:45 -------- d-----w- c:\users\james\AppData\Local\Chromium
2013-03-27 04:49 . 2013-03-27 05:36 -------- d-----w- c:\users\james\AppData\Local\Turbine
2013-03-27 04:49 . 2013-03-27 05:42 -------- d-----w- c:\users\james\AppData\Local\ApplicationHistory
2013-03-26 07:36 . 2013-03-26 07:36 -------- d-----w- c:\users\james\AppData\Roaming\runic games
2013-03-25 19:44 . 2013-03-25 19:44 -------- d-----w- c:\users\james\AppData\Local\Skyrim
2013-03-25 19:43 . 2008-10-15 13:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-03-25 19:43 . 2008-10-15 13:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-03-25 19:43 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-21 02:40 . 2013-01-18 08:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-21 02:40 . 2013-01-18 08:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-03 19:05 . 2012-12-29 03:55 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-03 19:05 . 2012-12-29 03:55 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-21 08:45 . 2013-03-21 08:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-21 08:45 . 2013-03-21 08:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-03-15 05:07 . 2013-03-15 05:07 559904 ----a-w- c:\windows\system32\nvStreaming.exe
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2013-02-14 10:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 04:48 . 2013-03-13 07:47 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 07:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-16 10:35 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 11:37 . 2013-02-08 11:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2013-02-08 11:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-08 00:45 . 2013-02-22 08:32 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E074E917-45BE-4058-A154-80F9C8BC6CB5}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\Steam.exe" [2013-04-19 1631144]
"Yontoo Desktop"="c:\users\james\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-04-17 42784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^james^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2013-03-14 00:15 4394032 ----a-w- c:\program files\AVG\AVG2013\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-04-19 21:10 1631144 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-03-21 08:45 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\james\AppData\Local\Temp\tmpCBAA.tmp [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\Yontoo\Y2Desktop.Updater.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 32484014
*NewlyCreated* - 50168340
*NewlyCreated* - WS2IFSL
*Deregistered* - 32484014
*Deregistered* - 50168340
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 09:57 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 02:40]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-29 03:47]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-29 03:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www1.delta-search.com/?affID=119351&tt=220413_d9116&babsrc=HP_ss&mntrId=BE2750E549C52B77
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-32484014.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\james\AppData\Local\Temp\tmpCBAA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-24 04:07:04
ComboFix-quarantined-files.txt 2013-04-24 11:07
ComboFix2.txt 2013-04-23 20:25
.
Pre-Run: 362,473,287,680 bytes free
Post-Run: 364,111,114,240 bytes free
.
- - End Of File - - E394C9E2B536FE95C0447D3D212FDF9A
No problems with this run. Though, it looks horrible from all the things deleted (never thought my computer was this badly infected). Too soon to tell, but it seems to be running a bit better.

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kingjab

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\BrowserProtect
c:\users\james\AppData\Roaming\BabSolution
c:\users\james\AppData\Roaming\Delta
c:\program files\Delta
c:\users\james\AppData\Roaming\Mipony Download Manager Packages
c:\users\james\AppData\Roaming\Yontoo
c:\program files\Yontoo
c:\users\james\AppData\Roaming\DSite
c:\programdata\Tarma Installer
c:\program files\MiPony
c:\users\james\AppData\Roaming\Babylon
c:\programdata\Babylon


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11
kingjab

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ComboFix 13-04-25.01 - james 04/25/2013 4:32.3.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3325.2403 [GMT -7:00]
Running from: c:\users\james\Desktop\ComboFix.exe
Command switches used :: c:\users\james\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
c:\users\james\AppData\Roaming\Babylon
c:\users\james\AppData\Roaming\Babylon\log_file.txt
c:\users\james\AppData\Roaming\DSite
c:\users\james\AppData\Roaming\DSite\UpdateProc\config.dat
c:\users\james\AppData\Roaming\DSite\UpdateProc\TTL.DAT
.
.
((((((((((((((((((((((((( Files Created from 2013-03-25 to 2013-04-25 )))))))))))))))))))))))))))))))
.
.
2013-04-25 11:35 . 2013-04-25 11:35 -------- d-----w- c:\users\james\AppData\Local\temp
2013-04-25 11:35 . 2013-04-25 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-25 05:14 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-04-25 05:14 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-04-25 05:13 . 2009-03-09 22:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2013-04-24 21:42 . 2013-04-25 04:59 111960 ----a-w- c:\windows\dxsdkuninst.exe
2013-04-24 21:42 . 2013-04-24 21:44 -------- d-----w- c:\program files\Microsoft DirectX SDK (June 2010)
2013-04-24 12:12 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-24 11:18 . 2013-04-24 11:18 -------- d-----w- c:\users\james\AppData\Roaming\Mipony
2013-04-23 20:59 . 2013-04-23 20:59 -------- d-----w- c:\windows\Sun
2013-04-23 12:05 . 2013-04-23 12:05 -------- d-----w- c:\windows\system32\wbem\Framework
2013-04-23 10:30 . 2013-04-23 10:30 -------- d-----w- c:\program files\Artemis DEMO
2013-04-21 21:22 . 2013-04-25 06:01 -------- d-----w- c:\program files\world_of_tanks
2013-04-21 21:11 . 2013-04-21 21:19 -------- d-----w- C:\Games
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\users\james\AppData\Roaming\Malwarebytes
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\programdata\Malwarebytes
2013-04-20 22:32 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-20 22:32 . 2013-04-20 22:32 -------- d-----w- c:\users\james\AppData\Local\Programs
2013-04-20 21:52 . 2013-04-25 04:37 -------- d-----w- c:\program files\Speccy
2013-04-19 10:08 . 2013-04-19 10:08 -------- d-----w- C:\found.002
2013-04-15 08:44 . 2013-04-15 08:44 -------- d-----w- c:\users\james\AppData\Local\Solid State Networks
2013-04-15 08:44 . 2013-04-15 08:44 -------- d-----w- c:\program files\MeteorEntertainment
2013-04-14 00:02 . 2013-04-14 00:02 -------- d-----w- c:\users\james\AppData\Local\CRE
2013-04-13 23:59 . 2013-04-21 22:03 -------- d-----w- c:\users\james\AppData\Roaming\Systweak
2013-04-11 10:23 . 2013-04-11 10:23 -------- d-----w- C:\found.001
2013-04-10 09:52 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 09:52 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 09:52 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 09:52 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 09:52 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 09:52 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-09 07:53 . 2013-04-09 07:53 -------- d-----w- c:\users\james\AppData\Roaming\Ubisoft
2013-04-09 07:53 . 2013-04-09 07:53 -------- d-----w- c:\programdata\Ubisoft
2013-04-07 00:43 . 2013-04-08 01:18 -------- d-----w- c:\program files\RivaTuner Statistics Server
2013-04-06 19:34 . 2013-04-21 04:43 -------- d-----w- c:\program files\EVGA Precision X
2013-04-06 03:05 . 2013-04-06 03:05 -------- d-----w- c:\users\james\AppData\Local\ElevatedDiagnostics
2013-04-05 23:58 . 2013-04-08 01:18 -------- d-----w- c:\users\james\AppData\Roaming\Bioshock
2013-04-05 19:55 . 2013-04-05 19:55 -------- d-----w- c:\users\james\AppData\Roaming\GameFly
2013-04-05 19:55 . 2013-04-05 19:55 -------- d-----w- c:\program files\GameFly
2013-04-04 17:45 . 2013-04-04 17:46 -------- d-----w- c:\users\james\AppData\Roaming\Curse Advertising
2013-04-03 19:29 . 2013-04-22 08:52 -------- d-----w- c:\users\UpdatusUser
2013-04-03 19:28 . 2013-03-15 02:59 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-03 19:28 . 2013-03-15 02:59 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-04-03 19:28 . 2013-03-15 02:59 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-03 19:28 . 2013-03-15 02:59 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-04-03 19:28 . 2013-03-15 02:59 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-03 19:28 . 2013-03-13 07:07 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-04-03 19:28 . 2013-04-03 19:28 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-03 19:20 . 2012-12-19 05:41 28600 ----a-w- c:\windows\system32\nvhdap32.dll
2013-04-03 19:20 . 2012-12-19 05:41 154040 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-04-03 19:20 . 2012-12-18 08:31 892856 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-04-03 19:20 . 2013-03-15 05:46 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-04-03 19:20 . 2013-03-15 05:46 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-04-03 19:06 . 2013-04-03 19:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 22:54 . 2013-04-21 22:02 -------- d-----w- C:\temp
2013-03-27 05:45 . 2013-03-27 05:45 -------- d-----w- c:\users\james\AppData\Local\Chromium
2013-03-27 04:49 . 2013-03-27 05:36 -------- d-----w- c:\users\james\AppData\Local\Turbine
2013-03-27 04:49 . 2013-03-27 05:42 -------- d-----w- c:\users\james\AppData\Local\ApplicationHistory
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-21 02:40 . 2013-01-18 08:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-21 02:40 . 2013-01-18 08:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-03 19:05 . 2012-12-29 03:55 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-03 19:05 . 2012-12-29 03:55 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-21 08:45 . 2013-03-21 08:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-21 08:45 . 2013-03-21 08:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-03-15 05:07 . 2013-03-15 05:07 559904 ----a-w- c:\windows\system32\nvStreaming.exe
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2013-02-14 10:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 04:48 . 2013-03-13 07:47 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 07:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-16 10:35 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 11:37 . 2013-02-08 11:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2013-02-08 11:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-08 00:45 . 2013-02-22 08:32 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E074E917-45BE-4058-A154-80F9C8BC6CB5}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\Steam.exe" [2013-04-19 1631144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^james^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2013-03-14 00:15 4394032 ----a-w- c:\program files\AVG\AVG2013\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-04-19 21:10 1631144 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-03-21 08:45 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\james\AppData\Local\Temp\tmpCBAA.tmp [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CPUZ135
*Deregistered* - cpuz135
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 09:57 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 02:40]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-29 03:47]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-29 03:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www1.delta-search.com/?affID=119351&tt=220413_d9116&babsrc=HP_ss&mntrId=BE2750E549C52B77
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\james\AppData\Local\Temp\tmpCBAA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-25 04:36:19
ComboFix-quarantined-files.txt 2013-04-25 11:36
ComboFix2.txt 2013-04-24 11:07
ComboFix3.txt 2013-04-23 20:25
.
Pre-Run: 365,732,065,280 bytes free
Post-Run: 365,692,821,504 bytes free
.
- - End Of File - - B82BA70C469DD5B3710C164856921D83

Computer is running quite a bit smoother. Are things looking any better based on the logs?

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kingjab

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13
kingjab

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amnesia: The Dark Descent Demo
Artemis Artemis DEMO
Assassins Creed Directors Cut
AVG 2013
BioShock
Curse Client
DAEMON Tools Lite
Dungeon Keeper 2
GameFly
Google Chrome
Google Update Helper
Hawken
Java 7 Update 17
Java Auto Updater
Java™ 6 Update 22
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft DirectX SDK (June 2010)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
NVIDIA 3D Vision Controller Driver 314.22
NVIDIA 3D Vision Driver 314.22
NVIDIA Control Panel 314.22
NVIDIA Graphics Driver 314.22
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.12.12
NVIDIA Update Components
Office Suite X 3.3
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
RealUpgrade 1.1
RivaTuner Statistics Server 5.0.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.2
Speccy
StarCraft II
Steam
The Elder Scrolls V: Skyrim
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
WinRAR 4.20 (32-bit)
World of Tanks
World of Warcraft

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kingjab

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java 7 Update 17
Java™ 6 Update 22



Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo